Re: [Uta] Remarks on bcp-tls-sheffer-01

Peter Saint-Andre <stpeter@stpeter.im> Mon, 03 February 2014 17:12 UTC

Message-ID: <52EFCDE1.8090202@stpeter.im>
Date: Mon, 03 Feb 2014 10:12:01 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Ralph Holz <holz@net.in.tum.de>, uta@ietf.org
References: <CACsn0c=S3y0yu0UBmVkes-O0AjtCM3JBGWDUgiP1UPum_ZrP8g@mail.gmail.com> <52C4A889.4000806@akr.io> <52EFCAC2.1090109@stpeter.im> <52EFCCA7.5000602@net.in.tum.de>
In-Reply-To: <52EFCCA7.5000602@net.in.tum.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [Uta] Remarks on bcp-tls-sheffer-01
Precedence: list

On 2/3/14, 10:06 AM, Ralph Holz wrote:
> Hi,
>
>>> • Certificates MUST use at least SHA-1 (and MUST NOT use MD2 or MD5).
>>> • Certificates SHOULD use SHA-256 - this is preferable, if your clients
>>>     support this.
>>>     - Insert notes on which ones do and don't? Is this still a problem?
>>>     - If not, make SHA-256 a MUST.
>>
>> A small note about some non-HTTP software: in late 2012 I obtained a
>> certificate for the jabber.org IM service with a SHA-256 fingerprint. As
>> a result, many IM clients and peer servers were unable to connect, and I
>> decided it was necessary to revoke that certificate and instead obtain a
>> certificate with a SHA-1 fingerprint.
>>
>> I'm not sure what the state of play is in the browser world.
>
> My take on this is that the BCP is forward-looking, with that term being
> defined as "these should be established practices about six months after
> publication".

That seems right. Although the "c" stands for current, the "b" stands 
for "best". :-)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

[Uta] Remarks on bcp-tls-sheffer-01 Watson Ladd
Re: [Uta] Remarks on bcp-tls-sheffer-01 Yaron Sheffer
Re: [Uta] Remarks on bcp-tls-sheffer-01 Ilari Liusvaara
Re: [Uta] Remarks on bcp-tls-sheffer-01 Alyssa Rowan
Re: [Uta] Remarks on bcp-tls-sheffer-01 Watson Ladd
Re: [Uta] Remarks on bcp-tls-sheffer-01 Paul Hoffman
Re: [Uta] Remarks on bcp-tls-sheffer-01 Alyssa Rowan
Re: [Uta] Remarks on bcp-tls-sheffer-01 Alyssa Rowan
Re: [Uta] Remarks on bcp-tls-sheffer-01 Paul Hoffman
Re: [Uta] Remarks on bcp-tls-sheffer-01 Ilari Liusvaara
Re: [Uta] Remarks on bcp-tls-sheffer-01 Alyssa Rowan
Re: [Uta] Remarks on bcp-tls-sheffer-01 Watson Ladd
Re: [Uta] Remarks on bcp-tls-sheffer-01 Ilari Liusvaara
Re: [Uta] Remarks on bcp-tls-sheffer-01 Rob Stradling
Re: [Uta] Remarks on bcp-tls-sheffer-01 Nikos Mavrogiannopoulos
Re: [Uta] Remarks on bcp-tls-sheffer-01 Ivan Ristic
Re: [Uta] Remarks on bcp-tls-sheffer-01 Alyssa Rowan
Re: [Uta] Remarks on bcp-tls-sheffer-01 Yaron Sheffer
Re: [Uta] Remarks on bcp-tls-sheffer-01 Ivan Ristic
Re: [Uta] Remarks on bcp-tls-sheffer-01 Watson Ladd
Re: [Uta] Remarks on bcp-tls-sheffer-01 Peter Saint-Andre
Re: [Uta] Remarks on bcp-tls-sheffer-01 Ralph Holz
Re: [Uta] Remarks on bcp-tls-sheffer-01 Peter Saint-Andre