On Mon, 2 Nov 2015, Yoav Nir wrote:
> P.S. Someone’s asked me off-list whether there is any IPsecME document that says not to trust SHA-1 in signatures, both AUTH payload and certificates, the way the TLS 1.3 document may end up saying for TLS. I’m wondering if RFC4307bis might be the place for this, in particular the signature in AUTH payload. Just something to think about before we bikeshed. RFC4307bis Bikeshedding Session.

We should have text to clarify the difference of algorithm use in IKE/IPsec and in AUTH processing. Initial thought is that AUTH processing crypto restrictions don't belong in 4307bis.

Paul
