Subject: Add warnings to Signature 1.1 and 1.1 requirements on SHA-1? from Martin, Cynthia E. on 2010-01-07 (public-xmlsec@w3.org from January 2010)

From: Martin, Cynthia E. <cemartin@mitre.org>
Date: Wed, 6 Jan 2010 19:14:21 -0500
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>, Frederick Hirsch <Frederick.Hirsch@nokia.com>
CC: "Martin, Cynthia E." <cemartin@mitre.org>
Message-ID: <6A913BB6ED2E2C43AC275462A83E68490C125E06F5@IMCMBX3.MITRE.ORG>

I don't know if anything else was referenced, but I go here:

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html=20

It's the first real reference to the issue.

Regards, Cynthia
>
> -----Original Message-----
> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org 
> ] On=
> Behalf Of Frederick Hirsch
> Sent: Friday, December 11, 2009 8:58 AM
> To: XMLSec WG Public List
> Cc: Frederick Hirsch
> Subject: Add warnings to Signature 1.1 and 1.1 requirements on SHA-1?
>
> Do we need more text in XML Signature 1.1 regarding the suitability  
> =20
> (or lack thereof) of SHA-1, and maybe a reference to the NIST =20
> recommendation to use SHA2 going forward from 2010 as well as the =20
> crypto regarding SHA-1?
>
> We probably also need to add this to the 1.1 requirements as well.
>
> Does anyone have a good pointer to a paper outlining why SHA-1 is no  
> =20
> longer suitable?
>
> Is the suitable NIST reference the following, or is there a better  
> one?
>
> [[ March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
> SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
> applications using secure hash algorithms. Federal agencies should
> stop using SHA-1 for digital signatures, digital time stamping and
> other applications that require collision resistance as soon as
> practical, and must use the SHA-2 family of hash functions for these
> applications after 2010. After 2010, Federal agencies may use SHA-1
> only for the following applications: hash-based message authentication
> codes (HMACs); key derivation functions (KDFs); and random number
> generators (RNGs). Regardless of use, NIST encourages application and
> protocol designers to use the SHA-2 family of hash functions for all
> new applications and protocols. ]]
>
> http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
>
>
>

Received on Thursday, 7 January 2010 00:14:56 UTC