W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2005

Re: Broken SHA-1

From: Rich Salz <rsalz@datapower.com>
Date: Fri, 18 Feb 2005 10:38:25 -0500
Message-ID: <42160BF1.8030804@datapower.com>
To: Berin Lautenbach <berin@wingsofhermes.org>
CC: w3c-ietf-xmldsig@w3.org

I suggest the following approach...

Someone (or more) write a W3C Note that defines the "obvious" URI's 
(i.e., in the DSIG namespace) for sha-256, sha-512, and ripemd-160.
In the note say something like
	while not a formal recommendation or standards track RFC, 
implementations complying with this note MUST implement sha256 and 
sha512 and MAY implement RIPEMD160."

Then work to get the W3C Note used as the basis for an XML DSIG errata 
and an IETF RFC.

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
Received on Friday, 18 February 2005 15:38:39 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.30 : Friday, 18 February 2005 15:38:39 GMT