W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt

From: Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Thu, 28 Jan 2016 09:29:48 +0200
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20160128072948.GA11013@LK-Perkele-V2.elisa-laajakaista.fi>
On Thu, Jan 28, 2016 at 12:01:51PM +1100, Martin Thomson wrote:
> GIthub is unicorny again [1], so I'm going to dump this into email for
> later action.
> 
> This should say that only the signature algorithms supported in the
> negotiated version of TLS can be used.  Plus the following MUST NOT be
> used:
>  - MD5
>  - SHA1
>  - SHA224
>  - DSA
>  - ECDSA with curves on prime fields that are less than 240 bits wide
>  - RSA with a prime modulus less than 2048 bits
> 
> I think that's about as aggressive without starting to prohibit some
> things that are in common use.  Would that work for you Ilari?

Sure, seems reasonable.


-Ilari
Received on Thursday, 28 January 2016 07:30:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC