- From: Ilari Liusvaara <ilariliusvaara@welho.com>
- Date: Thu, 28 Jan 2016 09:29:48 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mike Bishop <Michael.Bishop@microsoft.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Jan 28, 2016 at 12:01:51PM +1100, Martin Thomson wrote: > GIthub is unicorny again [1], so I'm going to dump this into email for > later action. > > This should say that only the signature algorithms supported in the > negotiated version of TLS can be used. Plus the following MUST NOT be > used: > - MD5 > - SHA1 > - SHA224 > - DSA > - ECDSA with curves on prime fields that are less than 240 bits wide > - RSA with a prime modulus less than 2048 bits > > I think that's about as aggressive without starting to prohibit some > things that are in common use. Would that work for you Ilari? Sure, seems reasonable. -Ilari
Received on Thursday, 28 January 2016 07:30:20 UTC