Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

At 3:09 PM +0100 3/5/08, Martin Rex wrote:
>Rob Dugal wrote:
>>
>>  You raise good points but by not having SHA-224 as a supported hash
>>  algorithm you effectively prevent anyone from using any certificates which
>>  use SHA-224 in TLS 1.2.
>>  If the certificate doesn't use a hash algorithm found in the
>>  signature_algorithms extension then it cannot be used in TLS 1.2.
>
>Maybe it is a good idea to use this as market pressure to
>keep CAs from doing stupid things, such as issuing X.509
>certificates with SHA-224 instead of SHA-256 in the signature.

I'm with Martin on this one. The reason SHA-224 was invented was to 
have "impedance balance" with TripleDES. Even if you agree with that 
reasoning, there is no reason to use it in certificates. We don't 
need to help them here.

--Paul Hoffman, Director
--VPN Consortium