RE: X509IssuerSerial alternatives in WS Security specification

From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 14 Sep 2010 15:48:41 -0400
To: "'Pratik Datta'" <pratik.datta@oracle.com>, <public-xmlsec@w3.org>
Message-ID: <01f601cb5445$d58ff890$80afe9b0$@osu.edu>

> Can you explain what you mean by 'hash-agile' and 'parallel-hash'?

Hash agile means the ability to use different hash algorithms (and identify
which one you used, obviously). This is so things don't break when SHA-1
finally keels over.

By parallel, he just meant a KeyInfo could identify a key via multiple
different hashes using different algorithms. I send you SHA-1 and SHA-256,
and if you can't handle one, you just use the other.

I'm saying the former is clearly needed if we do this, and the latter is
free, since KeyInfo and X509Data are both collections. It's no different
than multiple KeyNames or multiple X509Certificates.

-- Scott
Received on Tuesday, 14 September 2010 19:49:16 GMT
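
Added example, not part of the original message or of any specification text: a sketch of the hash-agile, parallel-hash key identification described in the message above. It assumes the hint is a digest over the certificate's DER bytes; the function names, the rule that all usable hints must agree, and the sample data are constructed for illustration.

```python
import hashlib

# Digest algorithm URIs defined by XML Signature and XML Encryption.
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
HASHLIB_NAME = {SHA1: "sha1", SHA256: "sha256"}


class KeyLookupError(Exception):
    """Raised when the hints cannot be resolved to exactly one certificate."""


def make_hints(cert_der, algorithms):
    """Sender side: one (algorithm URI, digest) pair per algorithm, sent in parallel."""
    return [(alg, hashlib.new(HASHLIB_NAME[alg], cert_der).digest()) for alg in algorithms]


def resolve(hints, known_certs, accepted):
    """Receiver side: map the hints onto one locally known certificate.

    hints       -- list of (algorithm URI, digest bytes) taken from the message
    known_certs -- dict of label -> DER bytes the receiver already holds
    accepted    -- set of algorithm URIs the receiver's policy allows
    """
    # Hash agility: the algorithm is named per hint, so unusable ones are skipped.
    usable = [(a, d) for a, d in hints if a in accepted and a in HASHLIB_NAME]
    if not usable:
        raise KeyLookupError("no hint uses an accepted digest algorithm")
    matches = set()
    for alg, digest in usable:
        hit = [label for label, der in known_certs.items()
               if hashlib.new(HASHLIB_NAME[alg], der).digest() == digest]
        if len(hit) != 1:
            raise KeyLookupError(f"{alg}: expected one match, got {len(hit)}")
        matches.add(hit[0])
    # Assumption of this sketch: parallel hints must name the same certificate.
    if len(matches) != 1:
        raise KeyLookupError("hints disagree about which certificate is meant")
    return matches.pop()


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERTS = {"alice": b"constructed-der-bytes-alice", "bob": b"constructed-der-bytes-bob"}
```

A receiver whose policy has dropped SHA-1 passes `accepted={SHA256}` and still resolves a message that carries both digests; a message carrying only a SHA-1 digest is rejected by that receiver.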
