RE: ACTION-665: Devise proposal for X509SerialNumber

From: Scott Cantor <cantor.2@osu.edu>
Date: Thu, 16 Sep 2010 13:16:05 -0400
To: <public-xmlsec@w3.org>
Message-ID: <018301cb55c2$d8bf4060$8a3dc120$@osu.edu>
Resending to list...

> > I was OK with everything but the SHA-1 default.  I think a better default
> > would be SHA-256.
> 
> I won't fight it, I just think in practice it will create headaches. I was
> also staying with the default thumbprint that is found in WSS and in most
> certificate tools (and there's also the fact that the TLS channel bindings
> RFC defines the hash algorithm to use for endpoint CB based on the hash used
> in the cert. That's normally SHA-1.)
> 
> Is there reason to think most CAs are going to be switching to SHA-2 soon?
> 
> None of this is to say we can't choose whatever we want, just explaining my
> reasoning.
> 
> -- Scott
Received on Thursday, 16 September 2010 17:16:33 GMT
