rfc:distrust-sha1-certificates
rfc:distrust-sha1-certificates [2017/05/29 10:54] – update to new mechanism kelunik | rfc:distrust-sha1-certificates [2017/05/29 10:55] – fix typo kelunik |
---|
===== Proposal ===== | ===== Proposal ===== |
| |
This RFC proposes to introduce a new ''"min_signature_bits"'' context option to restrict the accepted certificate message digests. The RFC proposes to set this option to ''128'' (accepting SHA2 and better) by default, allowing ''80'' (accepting also SHA1) to be set for legacy applications, but it is strongly advised doing so. This setting will be applied to all certificates that are not in the trust store. | This RFC proposes to introduce a new ''"min_signature_bits"'' context option to restrict the accepted certificate message digests. The RFC proposes to set this option to ''128'' (accepting SHA2 and better) by default, allowing ''80'' (accepting also SHA1) to be set for legacy applications, but this is strongly discouraged. This setting will be applied to all certificates that are not in the trust store. |
| |
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== |
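Review bot: The changed Proposal paragraph never defines the unit of ''"min_signature_bits"''. The values ''128'' and ''80'' are paired with SHA2 and SHA1, which matches the collision-resistance strength of the digest rather than its output length (SHA-1 produces a 160-bit digest, SHA-256 a 256-bit one). Suggest stating that explicitly so the value is not mistaken for the digest length, and saying how values other than ''80'' and ''128'' are handled. "SHA2 and better" is also imprecise at ''128'': SHA-224 belongs to the SHA-2 family but offers only 112 bits of collision resistance, so the text should say whether it is accepted under the default.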
rfc/distrust-sha1-certificates.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1