> On 22 May 2017, at 20:27, Benjamin Kaduk <bka...@akamai.com> wrote: > > On 05/22/2017 12:17 PM, Viktor Dukhovni wrote: >>> On May 22, 2017, at 1:06 PM, Benjamin Kaduk <bka...@akamai.com> >>> <mailto:bka...@akamai.com> wrote: >>> >>> Given the apparent strength of opinion against removing these supposed >>> restrictions entirely, it seems like this text (or something similar) is >>> probably the best we can do. >> Perhaps so, but I saw only one strong objection from Dave Garrett. Is that > > There was also some discussion when this text was originally going in, IIRC. > But I do not remember well enough to say who/how many people wanted it.
This came up in one of the F2F meetings. I believe I argued that we shouldn’t have PKIX policy in a TLS document, because if signing certificates with SHA-1 is bad, it’s bad for all users of certificates, and should be prohibited by a PKIX document, not a TLS document. The room was against me then. So it may look now like it’s just Dave (and now Rich), there was more support for this at the time. Yoav
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
