List: ietf-tls
Subject: Re: [TLS] consensus on backwards compatibility changes
From: Florian Weimer <fweimer () redhat ! com>
Date: 2015-01-29 10:01:57
Message-ID: 54CA0515.5090506 () redhat ! com
On 01/28/2015 09:42 PM, Martin Rex wrote:
> There are several serious design flaws (resulting in serious weaknesses)
> in the TLSv1.2 signature algorithm extension, however. TLSv1.2 is the
> only TLS protocol version where (rsa,md5) is a valid signature algorithm
> for creating "digitally-signed" PDUs (ServerKeyExchange and
> CertificateVerify), and that was a terribly stupid decision.
> Even (rsa,sha1) is significantly weaker than what every prior TLS
> protocol version, including SSLv3 had been using (rsa,sha1+md5).
Yes, that's what I meant, or more precisely, the {rsa,sha1} default in
case of a missing TLS extension (which includes the SSLv2 Client Hello case).
--
Florian Weimer / Red Hat Product Security
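The behaviour the two messages above are discussing, as an added example that is not part of the thread or of any TLS implementation: a TLS 1.2 server decodes the client's signature_algorithms extension (RFC 5246, section 7.4.1.4.1) and picks the hash for the "digitally-signed" ServerKeyExchange from the client's list in client preference order; when the extension is absent (for example a TLS 1.0/1.1 or SSLv2-format ClientHello), RFC 5246 says the server must assume {sha1, rsa}, {sha1, dsa} or {sha1, ecdsa}. The `min_hash` policy knob, the helper names and the sample extension bytes are assumptions made for this example; the pre-1.2 md5+sha1 concatenation for RSA is not modelled.

```python
"""Added example: TLS 1.2 signature_algorithms selection and the RFC 5246
fallback when the extension is missing.  Not code from the thread."""
from __future__ import annotations
import struct

# Code points from RFC 5246 section 7.4.1.4.1.
HASH = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
        4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# What RFC 5246 tells the server to assume when the extension is absent.
RFC5246_DEFAULT = [("sha1", "rsa"), ("sha1", "dsa"), ("sha1", "ecdsa")]

# Weakest-to-strongest ordering used by the local policy check below
# (assumption for this example, not something RFC 5246 defines).
HASH_RANK = ["md5", "sha1", "sha224", "sha256", "sha384", "sha512"]


def parse_signature_algorithms(ext_data: bytes) -> list[tuple[str, str]]:
    """Decode extension_data: a 2-byte vector length, then {hash, sig} pairs."""
    if len(ext_data) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    # RFC 5246: supported_signature_algorithms<2..2^16-2>, pairs are 2 bytes.
    if length != len(body) or length < 2 or length % 2:
        raise ValueError("bad supported_signature_algorithms length")
    pairs = []
    for i in range(0, length, 2):
        h, s = body[i], body[i + 1]
        pairs.append((HASH.get(h, f"unknown({h})"), SIG.get(s, f"unknown({s})")))
    return pairs


def build_signature_algorithms(pairs: list[tuple[str, str]]) -> bytes:
    """Encode {hash, sig} pairs into extension_data (inverse of the parser)."""
    hinv = {v: k for k, v in HASH.items()}
    sinv = {v: k for k, v in SIG.items()}
    body = b"".join(bytes([hinv[h], sinv[s]]) for h, s in pairs)
    return struct.pack("!H", len(body)) + body


def choose_signature(ext_data: bytes | None, key_type: str,
                     min_hash: str = "md5") -> tuple[str, str] | None:
    """Return the (hash, sig) the server will sign ServerKeyExchange with.

    ext_data=None models a ClientHello without the extension, so the
    RFC 5246 default list is used.  min_hash is a local policy knob
    (assumption): the weakest hash the server is willing to sign with.
    With the RFC's own defaults (min_hash="md5") the result can be
    {md5, rsa} or {sha1, rsa}; raising min_hash refuses both.
    """
    offered = RFC5246_DEFAULT if ext_data is None else parse_signature_algorithms(ext_data)
    floor = HASH_RANK.index(min_hash)
    for h, s in offered:
        if s == key_type and h in HASH_RANK and HASH_RANK.index(h) >= floor:
            return (h, s)
    return None


if __name__ == "__main__":
    # Constructed ClientHello extension bodies for the demonstration.
    weak_client = build_signature_algorithms([("md5", "rsa"), ("sha1", "rsa")])
    modern_client = build_signature_algorithms([("sha256", "rsa"), ("sha1", "rsa")])
    for label, ext in (("md5-first client", weak_client),
                       ("sha256-first client", modern_client),
                       ("no extension", None)):
        print(label, "RFC default policy:", choose_signature(ext, "rsa"),
              "| sha256 floor:", choose_signature(ext, "rsa", min_hash="sha256"))
```

The point the example makes concrete is that a server following RFC 5246 literally will happily produce an {md5, rsa} signature for a client that lists it first, and will produce {sha1, rsa} for every client that sends no extension at all; the only defence is a local floor on the hash, which is what `min_hash` stands in for.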