- From: Mike Bishop <Michael.Bishop@microsoft.com>
- Date: Thu, 28 Jan 2016 23:31:31 +0000
- To: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>, Martin Thomson <martin.thomson@gmail.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
https://github.com/MikeBishop/http2-client-certs/commit/33262d527e88948a9fb3b9f10cbb2988c4cc50dc -----Original Message----- From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] Sent: Wednesday, January 27, 2016 11:30 PM To: Martin Thomson <martin.thomson@gmail.com> Cc: Mike Bishop <Michael.Bishop@microsoft.com>; HTTP Working Group <ietf-http-wg@w3.org> Subject: Re: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt On Thu, Jan 28, 2016 at 12:01:51PM +1100, Martin Thomson wrote: > GIthub is unicorny again [1], so I'm going to dump this into email for > later action. > > This should say that only the signature algorithms supported in the > negotiated version of TLS can be used. Plus the following MUST NOT be > used: > - MD5 > - SHA1 > - SHA224 > - DSA > - ECDSA with curves on prime fields that are less than 240 bits wide > - RSA with a prime modulus less than 2048 bits > > I think that's about as aggressive without starting to prohibit some > things that are in common use. Would that work for you Ilari? Sure, seems reasonable. -Ilari
Received on Thursday, 28 January 2016 23:32:08 UTC