
Fw: ACTION-665: Devise proposal for X509SerialNumber

From: Bruce Rich <brich@us.ibm.com>
Date: Thu, 16 Sep 2010 12:26:01 -0500
To: public-xmlsec@w3.org
Message-ID: <OF6FBBDB5C.8CF7E3ED-ON862577A0.005FAA12-862577A0.005FC48C@us.ibm.com>
Getting this back on list

Bruce A Rich
brich at-sign us dot ibm dot com

----- Forwarded by Bruce Rich/Austin/IBM on 09/16/2010 12:24 PM -----

From:   "Scott Cantor" <cantor.2@osu.edu>
To:     Bruce Rich/Austin/IBM@IBMUS, <public-xmlsec-request@w3.org>
Date:   09/16/2010 12:13 PM
Subject:        RE: ACTION-665: Devise proposal for X509SerialNumber



> I was OK with everything but the SHA-1 default. I think a better default
> would be SHA-256.

I won't fight it, I just think in practice it will create headaches. I was
also staying with the default thumbprint that is found in WSS and in most
certificate tools (and there's also the fact that the TLS channel bindings
RFC defines the hash algorithm to use for endpoint CB based on the hash used
in the cert. That's normally SHA-1.)

Is there reason to think most CAs are going to be switching to SHA-2 soon?

None of this is to say we can't choose whatever we want, just explaining my
reasoning.
 
-- Scott
Received on Thursday, 16 September 2010 17:26:38 GMT
