Looking through the algorithms table in the editor's draft:

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/#sec-AlgID

... I notice that we have ample warning in the section on digest algorithms, but less (and different) in the section on signature algorithms. Specifically:

1. HMAC-SHA1 is mandatory to implement, but discouraged to use.
2. DSA-SHA1 is mandatory to implement for verification, and optional for signature generation.
3. We do not give any admonishment for RSA-SHA1 (which remains recommended), and for the optional ECDSA-SHA1.

Thoughts?

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Tuesday, 9 June 2009 10:51:21 GMT