On Friday, September 02, 2016 07:32:06 am Eric Rescorla wrote: > On Fri, Sep 2, 2016 at 3:42 AM, Ilari Liusvaara <ilariliusva...@welho.com> > wrote: > > I also don't see why this should be in TLS 1.3 spec, instead of being > > its own spec (I looked up how much process BS it would be to get the > > needed registrations: informative RFC would do). > > I also am not following why we need to do this now. The reason we defined > SHA-2 in > a new RFC was because (a) SHA-1 was looking weak and (b) we had to make > significant > changes to TLS to allow the use of SHA-2. This does not seem to be that case.
I don't think we strictly _need_ to do this now, however I think it's a good idea given that we'll need to do it eventually and we can do it now and get people to consider implementing it more easily as part of a larger spec than later as a subsequent standalone. Doing it now gives it far greater visibility and should be relatively simple and quick to do. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls