W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

RE: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt

From: Mike Bishop <Michael.Bishop@microsoft.com>
Date: Thu, 28 Jan 2016 23:31:31 +0000
To: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>, Martin Thomson <martin.thomson@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CY1PR03MB13744FAAD254D1164EF0BD2887DA0@CY1PR03MB1374.namprd03.prod.outlook.com>
https://github.com/MikeBishop/http2-client-certs/commit/33262d527e88948a9fb3b9f10cbb2988c4cc50dc


-----Original Message-----
From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] 
Sent: Wednesday, January 27, 2016 11:30 PM
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>; HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt

On Thu, Jan 28, 2016 at 12:01:51PM +1100, Martin Thomson wrote:
> GIthub is unicorny again [1], so I'm going to dump this into email for 
> later action.
> 
> This should say that only the signature algorithms supported in the 
> negotiated version of TLS can be used.  Plus the following MUST NOT be
> used:
>  - MD5
>  - SHA1
>  - SHA224
>  - DSA
>  - ECDSA with curves on prime fields that are less than 240 bits wide
>  - RSA with a prime modulus less than 2048 bits
> 
> I think that's about as aggressive without starting to prohibit some 
> things that are in common use.  Would that work for you Ilari?

Sure, seems reasonable.


-Ilari
Received on Thursday, 28 January 2016 23:32:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC