W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2009

Add warnings to Signature 1.1 and 1.1 requirements on SHA-1?

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Fri, 11 Dec 2009 08:58:04 -0500
Message-Id: <083BD9CF-6181-4907-BD54-F3A8866B851A@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Do we need more text in XML Signature 1.1 regarding the suitability  
(or lack thereof) of SHA-1, and maybe a reference to the NIST  
recommendation to use SHA2 going forward from 2010 as well as the  
crypto regarding SHA-1?

We probably also need to add this to the 1.1 requirements as well.

Does anyone have a good pointer to a paper outlining why SHA-1 is no  
longer suitable?

Is the suitable NIST reference the following, or is there a better one?

[[ March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
applications using secure hash algorithms. Federal agencies should
stop using SHA-1 for digital signatures, digital time stamping and
other applications that require collision resistance as soon as
practical, and must use the SHA-2 family of hash functions for these
applications after 2010. After 2010, Federal agencies may use SHA-1
only for the following applications: hash-based message authentication
codes (HMACs); key derivation functions (KDFs); and random number
generators (RNGs). Regardless of use, NIST encourages application and
protocol designers to use the SHA-2 family of hash functions for all
new applications and protocols. ]]

http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html

regards, Frederick

Frederick Hirsch
Nokia
Received on Friday, 11 December 2009 13:58:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 11 December 2009 13:58:44 GMT