- From: Scott Cantor <cantor.2@osu.edu>
- Date: Thu, 16 Sep 2010 13:16:05 -0400
- To: <public-xmlsec@w3.org>
Resending to list... > > I was OK with everything but the SHA-1 default. I think a better default > > would be SHA-256. > > I won't fight it, I just think in practice it will create headaches. I was > also staying with the default thumbprint that is found in WSS and in most > certificate tools (and there's also the fact that the TLS channel bindings > RFC defines the hash algorithm to use for endpoint CB based on the hash used > in the cert. That's normally SHA-1.) > > Is there reason to think most CAs are going to be switching to SHA-2 soon? > > None of this is to say we can't choose whatever we want, just explaining my > reasoning. > > -- Scott
Received on Thursday, 16 September 2010 17:16:33 UTC