Forgot the link…
> On 2 Nov 2015, at 12:38 PM, Yoav Nir <[email protected]> wrote:
>
>
>> On 2 Nov 2015, at 12:27 PM, Paul Wouters <[email protected]> wrote:
>>
>> On Mon, 2 Nov 2015, Yoav Nir wrote:
>>
>>>>> P.S. Someone’s asked me off-list whether there is any IPsecME document
>>>>> that says not to trust SHA-1 in signatures, both AUTH payload and
>>>>> certificates, the way the TLS 1.3 document may end up saying for TLS. I’m
>>>>> wondering if RFC4307bis might be the place for this, in particular the
>>>>> signature in AUTH payload. Just something to think about before we
>>>>> bikeshed.RFC4307bis Bikeshedding Session.
>>>>
>>>> We should have text to clarify the difference of algorithm use in
>>>> IKE/IPsec and in AUTH processing. Initial thought is that AUTH
>>>> processing crypto restrictions don't beling in 4307bis.
>>>
>>> I think we do need some kind of statement along the lines:
>>> - With RSA signatures, use SHA-256 or better, not SHA-1 (BTW: 7296 says
>>> “SHOULD use SHA-1” and this is a document from only last year…)
>>> - Don’t use DSS because that is only defined with SHA-1.
>>> - With ECDSA no need to specify because each curve comes with a hash
>>> - PSK is fine because you are using a PRF.
>>> - With anything else, don’t use any hash weaker than SHA-256.
>>>
>>> If not here, where does this advice go?
>>
>> I see your point. But for instance for X509 certificates, I really would
>> like to not make any statement and point to whatever equivalent of PKIX
>> documents there are on that. Does the TLS WG have any documents on
>> crypto agility for PKIX?
>
> The TLS list currently has a thread about whether TLS 1.3 should prohibit
> SHA-1 only in signatures or also in the certificate chain.
https://mailarchive.ietf.org/arch/msg/tls/-1LxtUHZTQXvvMVsLR4jzp79q9E
>
> It’s not decided yet, but they *are* prohibiting SHA-1 in the protocol
> (CertificateVerify message), and current spec prohibits server certificate
> signed with SHA-1 (only EE certificate) when another certificate exists.
>
> Yoav
>
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
