- From: Kelvin Yiu <kelviny@exchange.microsoft.com>
- Date: Fri, 5 Jun 2009 17:10:29 -0700
- To: XMLSec WG Public List <public-xmlsec@w3.org>
Here are a couple of references to the depreciation of RIPEMD-160 from BSI. Original: http://www.bsi.bund.de/esig/algo_entw1_09.pdf (Unofficial?) English translation: http://www.bundesnetzagentur.de/media/archive/13617.pdf Basically RIPEMD-160 can be used in qualified signatures until the end of 2010 although you are allowed to use it to verify qualified certificates issued prior to the deadline until the end of 2014. I couldn't find any references to RIPEMD-160 vulnerabilities, so I may have been confused with the original RIPEMD vulnerabilities. Kelvin
Received on Saturday, 6 June 2009 00:11:09 UTC