- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Tue, 30 Apr 2002 08:14:16 -0400
- To: reagle@w3.org
- Cc: aleksey@aleksey.com, Donald Eastlake 3rd <dee3@torque.pothole.com>, xml-encryption@w3.org
FIPS 180-2 is expected to supersede FIPS 180-1, which is why it contains SHA-1 as well as the three new ones. While they keep FIPS standards which have been superseded around for a while, you can no longer get FIPS 46-2 (lifetime 1993-99) from the FIPS index under CSRC, nor from the main FIPS page. We might as well leave in both references, and note that when FIPS 180-2 is finalized it will supersede FIPS 180-1 and replace it as the normative reference for SHA-1, as well as providing one for the other SHA's. Tom Gindin Joseph Reagle <reagle@w3.org>@w3.org on 04/29/2002 04:21:48 PM Please respond to reagle@w3.org Sent by: xml-encryption-request@w3.org To: aleksey@aleksey.com cc: Donald Eastlake 3rd <dee3@torque.pothole.com>, xml-encryption@w3.org Subject: What do we do with our SHA References? (Was: What do we do with our CMS References?) On Monday 29 April 2002 12:46, Aleksey Sanin wrote: > Yes, it is correct now. Probably the wrong version was cached by my > browser. I also think that it's a good idea to note that SHA2 algorithms > (SHA256/SHA512) > are also in the "draft" stage. Presently the reference says: SHA Secure Hash Standard. NIST FIPS 180-1. April 1995. http://www.itl.nist.gov/fipspubs/fip180-1.htm (Being extended to cover SHA-256 and SHA-512. See Draft FIPS 180-2.) (http://csrc.nist.gov/encryption/shs/dfips-180-2.pdf Should we break this apart in to a SHA1 and SHA2 reference? Don, I think the "being extended" is your text, though I'm not sure what it means and I'm not that familiar with FIPSs. Will they still consider it the same standard, or FIPS 180-2 is a distinct specification (that supercede 180-1, but 180-1 can still be referenced)? Also, in the CMS references, for the text we rely upon we include in-line in our spec, so we are protected from changes to those specifications. However, we don't do that for SHA2 -- and I wouldn't want to. Do folks know what the plans are for that spec? Is it likely to change at all?
Received on Tuesday, 30 April 2002 08:15:08 UTC