
Fw: ACTION-665: Devise proposal for X509SerialNumber

From: Bruce Rich <brich@us.ibm.com>
Date: Thu, 16 Sep 2010 12:26:01 -0500
To: public-xmlsec@w3.org
Message-ID: <OF6FBBDB5C.8CF7E3ED-ON862577A0.005FAA12-862577A0.005FC48C@us.ibm.com>

Getting this back on list

Bruce A Rich
brich at-sign us dot ibm dot com

----- Forwarded by Bruce Rich/Austin/IBM on 09/16/2010 12:24 PM -----

From:   "Scott Cantor" <cantor.2@osu.edu>
To:     Bruce Rich/Austin/IBM@IBMUS, <public-xmlsec-request@w3.org>
Date:   09/16/2010 12:13 PM
Subject:        RE: ACTION-665: Devise proposal for X509SerialNumber

> I was OK with everything but the SHA-1 default.  I think a better 
> would be SHA-256.

I won't fight it, I just think in practice it will create headaches. I was
also staying with the default thumbprint that is found in WSS and in most
certificate tools (and there's also the fact that the TLS channel bindings
RFC defines the hash algorithm to use for endpoint CB based on the hash 
in the cert. That's normally SHA-1.)

Is there reason to think most CAs are going to be switching to SHA-2 soon?

None of this is to say we can't choose whatever we want, just explaining 
-- Scott
Received on Thursday, 16 September 2010 17:26:38 UTC
