Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99231 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 37952 invoked from network); 29 May 2017 14:03:19 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 May 2017 14:03:19 -0000 Authentication-Results: pb1.pair.com header.from=lauri.kentta@gmail.com; sender-id=softfail Authentication-Results: pb1.pair.com smtp.mail=lauri.kentta@gmail.com; spf=softfail; sender-id=softfail Received-SPF: softfail (pb1.pair.com: domain gmail.com does not designate 178.62.210.197 as permitted sender) X-PHP-List-Original-Sender: lauri.kentta@gmail.com X-Host-Fingerprint: 178.62.210.197 k-piste.fi Received: from [178.62.210.197] ([178.62.210.197:58814] helo=k-piste.fi) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 47/74-34073-62A2C295 for ; Mon, 29 May 2017 10:03:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=k-piste.fi; s=2017-04-09; h=Message-ID:References:In-Reply-To:Subject:Cc:To:From:Date: Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=8pNSrvBPqubLuPPhNU7UHmOqzUDvi4/6KdwFXWQlMzg=; b=M1tPAap8Ga8tKLF9ti9RuSuXnt 2jJXJYlNm9nX4PPXdj262DLPmHnBq4LlYR7WyW7+Ue5eytXRXha5K1Vm9mPHtTILLdUuFxj6InmPV 121HNuJbsHXvNcIyQV5Ti+OBeYIFLO3OuAkCkvtzirTjgCEJ8193sZB85ZxE+SOcWizVcbxfpKjlD yUxKWS+8yfuahbbiiqct7Xkhyb6+LqZwg7gdzfERdk2XfYgU//PwIGqO/edYk4gO7kP+yEppTrAtQ vzAKOR3YVIHVfdacs110nG0PJZYhDRAQ4FJwpyEQMNmc21c1jM4kYh1F2GsgWNOvXT8Ru3mse1VvV E0fYWB1g==; Received: from localhost.localdomain ([::1] helo=k-piste.fi) by k-piste.fi with esmtp (Exim 4.89) (envelope-from ) id 1dFLGM-0006s5-Ux; Mon, 29 May 2017 17:03:15 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Mon, 29 May 2017 17:03:14 +0300 To: Niklas Keller Cc: PHP Internals , Jakub Zelenka In-Reply-To: References: Message-ID: <74a2f26d06af16041d2f31123264b733@gmail.com> X-Sender: lauri.kentta@gmail.com User-Agent: Roundcube Webmail/1.2.5 X-Spam-Score: 0 Subject: Re: [PHP-DEV] Re: [RFC] Distrust SHA-1 Certificates From: lauri.kentta@gmail.com (=?UTF-8?Q?Lauri_Kentt=C3=A4?=) On 2017-05-29 13:58, Niklas Keller wrote: > I have updated the RFC to use a "min_signature_bits" setting instead. At least that name is misleading. Most PHP users would probably wonder why a setting of 128 does not allow the 160-bit hash from SHA-1 or the 512-bit RSA. So the name should be more like "min_cryptographic_strength" (possibly prefixed with "signature_") to make it clear that this is not really about the bits in signature. I'm not totally convinced about this bit approach in general. What happens if SHA-2 is suddenly broken and people move to SHA-3 of the same length? Just my thoughts. -- Lauri Kenttä