- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 9 Jun 2009 12:51:13 +0200
- To: XMLSec WG Public List <public-xmlsec@w3.org>

Looking through the algorithms table in the editor's draft:

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/#sec-AlgID

... I notice that we have ample warning in the section on digest algorithms, but less (and different) in the section on signature algorithms. Specifically:

1. HMAC-SHA1 is mandatory to implement, but discouraged to use.
2. DSA-SHA1 is mandatory to implement for verification, and optional for signature generation.
3. We do not give any admonishment for RSA-SHA1 (which remains recommended), and for the optional ECDSA-SHA1.

Thoughts?

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Tuesday, 9 June 2009 10:51:21 UTC