W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2009

ACTION-304 Share information on status of RIPEMD-160 and strength to mailing list

From: Kelvin Yiu <kelviny@exchange.microsoft.com>
Date: Fri, 5 Jun 2009 17:10:29 -0700
To: XMLSec WG Public List <public-xmlsec@w3.org>
Message-ID: <EF8BB8116404AE42A67EF8BECBC14487BE20CF38@DF-POINTER-MSG.exchange.corp.microsoft.com>
Here are a couple of references to the depreciation of RIPEMD-160 from BSI.

Original: http://www.bsi.bund.de/esig/algo_entw1_09.pdf 
(Unofficial?) English translation: http://www.bundesnetzagentur.de/media/archive/13617.pdf

Basically RIPEMD-160 can be used in qualified signatures until the end of 2010 although you are allowed to use it to verify qualified certificates issued prior to the deadline until the end of 2014. 

I couldn't find any references to RIPEMD-160 vulnerabilities, so I may have been confused with the original RIPEMD vulnerabilities.

Kelvin
Received on Saturday, 6 June 2009 00:11:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:58 GMT