If not here, where does this advice go?

I see your point. But for instance for X509 certificates, I really would
like to not make any statement and point to whatever equivalent of PKIX
documents there are on that. Does the TLS WG have any documents on
crypto agility for PKIX?

The TLS list currently has a thread about whether TLS 1.3 should prohibit SHA-1 
only in signatures or also in the certificate chain.

        https://mailarchive.ietf.org/arch/msg/tls/-1LxtUHZTQXvvMVsLR4jzp79q9E

It’s not decided yet, but they *are* prohibiting SHA-1 in the protocol 
(CertificateVerify message), and the current spec prohibits a server certificate 
signed with SHA-1 (only the EE certificate) when another certificate exists.


For TLS, the industry is moving faster than the WG on this. Chrome warnings are causing people to migrate to all-SHA256 certificate chains soon. IKE often works with custom certs and private CAs, so the IPsec community needs to set its own standards.

Thanks,
        Yaron

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
