W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

ISSUE-22 (Is SHA1 good enough?): Is sha1 as a DigestMethod strong enough for Widgets digital signatures?

From: Web Applications Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 27 Jun 2008 06:02:02 +0000 (GMT)
To: public-webapps@w3.org
Message-Id: <20080627060202.172D66B62B@tibor.w3.org>

ISSUE-22 (Is SHA1 good enough?): Is sha1 as a DigestMethod strong enough for Widgets digital signatures?

http://www.w3.org/2008/webapps/track/issues/

Raised by: Josh Soref
On product: 

The widgets 1.0: Digital Signature specification currently mandates that the DigestValue be calculated using RSA-SHA1(and indicated as such by the DigestMethod). However, weaknesses have been found in SHA1 [1]. So would some other DigestMethod be more appropriate? does it really matter that SHA1 has been "broken" for this use case?

[1] http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
Received on Friday, 27 June 2008 06:03:45 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:26 GMT