W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2005

Re: Broken SHA-1

From: Berin Lautenbach <berin@wingsofhermes.org>
Date: Fri, 18 Feb 2005 19:59:47 +1100
Message-ID: <4215AE83.7010907@wingsofhermes.org>
To: w3c-ietf-xmldsig@w3.org

I'm interested in this one as well.

The encryption spec has defined URIs for SHA256, SHA512 and RIPEMD-160. 
  Within encryption - they are optional to support.  Many of the 
implementations implement these (presumably within signatures as well as 
encryption), but should there be something from the standards body that 
mandates implementation (maybe within some time frame) of one or more of 
them to ensure interoperability as people move away from SHA-1?

Cheers,
	Berin



Manoj K. Srivastava wrote:

> Does the standards body have any plans to allow any alternate digest 
> algorithm?
> 
>  
> 
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> 
>  
> 
> Regards,
> 
> Manoj K. Srivastava
> Infomosaic Corporation
> 2118 Walsh Avenue, Suite 200
> Santa Clara, CA 95050
> Voice: (408) 988-4337
> Fax:   (408) 516-9427
> <http://www.infomosaic.net/>
> 
> Confidentiality Notice: This e-mail message, including any attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and/or privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited. If you are not the intended recipient, Please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
> 
>  
> 
>  
> 
Received on Friday, 18 February 2005 09:00:44 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.30 : Friday, 18 February 2005 09:00:44 GMT