Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

To: <martin.rex at sap.com>, <RDugal at certicom.com>
Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
From: <Pasi.Eronen at nokia.com>
Date: Thu, 6 Mar 2008 09:40:29 +0200
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <200803051409.m25E9WPq014580 at fs4113.wdf.sap.corp>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <OF8E422CE6.0B879BB8-ON85257403.0040C27F-85257403.00418284 at certicom.com>from "Rob Dugal" at Mar 5, 8 06:54:11 am <200803051409.m25E9WPq014580 at fs4113.wdf.sap.corp>
Sender: tls-bounces at ietf.org
Thread-index: Ach+yrELfiXu1U+VRTS2bxKwtiBeVwAkGmPA
Thread-topic: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

Martin Rex wrote:

> Maybe it is a good idea to use this as market pressure to
> keep CAs from doing stupid things, such as issuing X.509
> certificates with SHA-224 instead of SHA-256 in the signature.
> 
> (I hope that NIST didn't come up with a braindead suggestion 
> to do so.)

One of the four allowed parameter combinations for DSA in current 
FIPS 186-3 draft is (L=2048, N=224), which potentially (although
not necessarily) could mean SHA-224.

However, the issue at hand is not whether this is a particularly
good idea or not (probably it isn't; and you can send comments
to NIST about that).

The issue is whether we want TLS 1.2 to be as algorithm-agile as 
possible, or try to impose artificial limitations to this agility 
as "market pressure". I would support making this agile, instead
of trying to predict (or control) the future.

Best regards,
Pasi
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Blumenthal, Uri
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Eric Rescorla

References:
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Rob Dugal
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Martin Rex

Prev by Date: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Next by Date: Re: [TLS] Review of draft-kato-tls-rfc4132bis-00
Previous by thread: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Next by thread: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Index(es):
- Date
- Thread

Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.