- From: Bruce Rich <brich@us.ibm.com>
- Date: Thu, 16 Sep 2010 12:26:01 -0500
- To: public-xmlsec@w3.org
- Message-ID: <OF6FBBDB5C.8CF7E3ED-ON862577A0.005FAA12-862577A0.005FC48C@us.ibm.com>

Getting this back on list

Bruce A Rich
brich at-sign us dot ibm dot com

----- Forwarded by Bruce Rich/Austin/IBM on 09/16/2010 12:24 PM -----

From: "Scott Cantor" <cantor.2@osu.edu>
To: Bruce Rich/Austin/IBM@IBMUS, <public-xmlsec-request@w3.org>
Date: 09/16/2010 12:13 PM
Subject: RE: ACTION-665: Devise proposal for X509SerialNumber

> I was OK with everything but the SHA-1 default. I think a better default
> would be SHA-256.

I won't fight it, I just think in practice it will create headaches. I was also staying with the default thumbprint that is found in WSS and in most certificate tools (and there's also the fact that the TLS channel bindings RFC defines the hash algorithm to use for endpoint CB based on the hash used in the cert. That's normally SHA-1.)

Is there reason to think most CAs are going to be switching to SHA-2 soon?

None of this is to say we can't choose whatever we want, just explaining my reasoning.

-- Scott

Received on Thursday, 16 September 2010 17:26:38 UTC