Dear Donald Eastlake,
Given the advances in SHA-1 collision search where first collisions may
be expected in even less than a year and given that national
legislations explicitly require collision free hash functions and may
exclude SHA-1 immediately after first collisions, alternatives in
XMLDSIG are needed. In the ECDSA signature suites this is so far limited
to the SHA-2 family -- no SignatureMethod Algorithm URI exists.
As several widely deployed ECDSA solutions (e.g. smartcards) are
technically limited to 160 bit hash functions where RIPEMD160 is the
valid alternative, the risk exists that vendors or CAs are forced to
deploy proprietary ECDSA-XMLDSIG -- RIPEMD160 solutions.
Therefore, a URI for ECDSA (ANSI X 9.62) with RIPEMD160 is urgently needed.
We suggest that the fragment #ecdsa-ripemd160 be used in the
xmldsig-more namespace.
http://www.w3.org/2001/04/xmldsig-more#ecdsa-ripemd160
We further propose to add the following sentence to
http://tools.ietf.org/html/rfc4051#section-2.3.6 .
"The #ecdsa-ripemd160 fragment of this namespace identifies a signature
method processed in the same way as specified by the #ecdsa-sha1
fragment of this namespace with the exception that RIPEMD160 is used
instead of SHA-1."
Kind regards,
Konrad Lanz
--
A-SIT
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at
Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm
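
The following is an added example, not part of the original message: a verifier-side check that reads the SignatureMethod and DigestMethod URIs from a signature and applies a local policy that no longer accepts SHA-1. The function names, the policy set and the sample signature are assumptions constructed for illustration; the #ecdsa-ripemd160 URI is the one proposed in the message.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Algorithm URI -> hash function it implies. #ecdsa-ripemd160 is the URI
# proposed in the message; the rest come from RFC 4051, XMLDSIG and XML Encryption.
SIGNATURE_HASH = {
    MORE + "ecdsa-sha1": "sha1",
    MORE + "ecdsa-sha256": "sha256",
    MORE + "ecdsa-ripemd160": "ripemd160",
}
DIGEST_HASH = {
    DS + "sha1": "sha1",
    XENC + "sha256": "sha256",
    XENC + "ripemd160": "ripemd160",
}
REJECTED = {"sha1"}  # assumed local policy: SHA-1 is no longer accepted

def check_algorithms(signature_xml):
    """Return a list of policy findings; an empty list means acceptable."""
    root = ET.fromstring(signature_xml)  # root is expected to be ds:Signature
    findings = []
    checks = [(".//{%s}SignedInfo/{%s}SignatureMethod" % (DS, DS), SIGNATURE_HASH),
              (".//{%s}Reference/{%s}DigestMethod" % (DS, DS), DIGEST_HASH)]
    for path, table in checks:
        elems = root.findall(path)
        if not elems:
            findings.append("missing " + path.rsplit("}", 1)[1])
        for el in elems:
            uri = el.get("Algorithm", "")
            name = table.get(uri)
            if name is None:  # fail closed on anything not explicitly known
                findings.append("unknown algorithm: " + uri)
            elif name in REJECTED:
                findings.append("rejected hash %s: %s" % (name, uri))
    return findings

def sample(sig_alg, dig_alg):
    """Build a constructed ds:Signature skeleton (placeholder values only)."""
    return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo>'
            '<ds:SignatureMethod Algorithm="%s"/>'
            '<ds:Reference URI=""><ds:DigestMethod Algorithm="%s"/>'
            '<ds:DigestValue>CONSTRUCTED</ds:DigestValue></ds:Reference>'
            '</ds:SignedInfo><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>'
            '</ds:Signature>' % (DS, sig_alg, dig_alg))
```

The check only classifies the declared algorithms; it does not verify the signature value, and it treats any URI outside its tables as a failure rather than guessing.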