RE: ACTION-665: Devise proposal for X509SerialNumber

Resending to list...

> > I was OK with everything but the SHA-1 default.  I think a better default
> > would be SHA-256.
> 
> I won't fight it, I just think in practice it will create headaches. I was
> also staying with the default thumbprint that is found in WSS and in most
> certificate tools (and there's also the fact that the TLS channel bindings
> RFC defines the hash algorithm to use for endpoint CB based on the hash used
> in the cert. That's normally SHA-1.)
> 
> Is there reason to think most CAs are going to be switching to SHA-2 soon?
> 
> None of this is to say we can't choose whatever we want, just explaining my
> reasoning.
> 
> -- Scott

Received on Thursday, 16 September 2010 17:16:33 UTC