Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99237 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 60254 invoked from network); 29 May 2017 20:16:54 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 May 2017 20:16:54 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.218 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.218 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.218] ([81.169.146.218:19566] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DF/D6-34073-5B18C295 for ; Mon, 29 May 2017 16:16:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1496089011; l=2398; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To: MIME-Version; bh=LM5JoDofUJdvTcSYSxYCZlH1gI9Naxu1k4a/lymvnSE=; b=yghnhKBEzB1Y8ryhdIbEndTRjCofVYN055xm/S1vA0q+dqsqtjh62RiUn+WzL5UqZJ +kYcX7DHaYURO9joBgjns+YYVJPcivoydKnmFP5TATIH3HUrPLN+gLve/uQOh6nYD9aL tKdQz5XCB2glYP7VKyE+wmRMVgZlV8fZ6ZmSw= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLDup6E67mzuoNHBqT83Q== X-RZG-CLASS-ID: mo00 Received: by mail-oi0-f54.google.com with SMTP id w10so89170044oif.0 for ; Mon, 29 May 2017 13:16:51 -0700 (PDT) X-Gm-Message-State: AODbwcAWfnxWtivAOsTv4PfbXO9O7Zsej8MQnlMof5VbwXITqr3FPZFB RNG6jtf23qsU1PhBFZvEBvKbGbdd7w== X-Received: by 10.202.76.138 with SMTP id z132mr7904473oia.149.1496089010572; Mon, 29 May 2017 13:16:50 -0700 (PDT) MIME-Version: 1.0 Received: by 10.74.176.133 with HTTP; Mon, 29 May 2017 13:16:50 -0700 (PDT) In-Reply-To: References: Date: Mon, 29 May 2017 22:16:50 +0200 X-Gmail-Original-Message-ID: Message-ID: To: Jakub Zelenka Cc: PHP Internals Content-Type: multipart/alternative; boundary="001a1134e75e07165a0550af5ec7" Subject: Re: [RFC] Distrust SHA-1 Certificates From: me@kelunik.com (Niklas Keller) --001a1134e75e07165a0550af5ec7 Content-Type: text/plain; charset="UTF-8" 2017-05-29 22:00 GMT+02:00 Jakub Zelenka : > On Mon, May 29, 2017 at 11:58 AM, Niklas Keller wrote: > >> Morning Internals, >> >> I have updated the RFC to use a "min_signature_bits" setting instead. >> >> > Wouldn't be better use security levels instead as it is in OpenSSL? Of > course I mean just for sig level to not re-implement everything. Basically > having sig_level or something like that... > As we can't use the OpenSSL implementation directly, I don't see any reason to use arbitrary integers there which you have to look up again. Maybe we should fine a totally different way. Regards, Niklas --001a1134e75e07165a0550af5ec7--