RE: Conformance section for XML Signature 2.0

From: Cantor, Scott E. <cantor.2@osu.edu>
Date: Tue, 21 Dec 2010 15:39:59 +0000
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <7EE86E89365CA94F8E7B8251F926071002472E@CIO-KRC-D1MBX01.osuad.osu.edu>

> We should discuss whether in 2.0 mode the SHA-1 algorithms should be
> disallowed, and only allowed in compatibility mode (or not)

Red Hat 4's openssl library does not in fact support SHA-2, and is not EOL until February of 2015. Generally people don't upgrade until after the EOL date. So my preference is not to preclude SHA-1 in conjunction with the new signature model, because what we say has zero impact on what people will do with their OS deployments. The effect is to prevent adoption of the new model for some applications, which I think is a net negative.

My opinion, anyway.

-- Scott
Received on Tuesday, 21 December 2010 15:41:15 GMT