I am not sure if there is any plan to change this for version 10 of ESS or
it was/will be discussed in Orlando, but I just thought that the
identification of certificates in Section 5.4.1 for the Signing Certificate
Attribute Definition should be more flexible and not necessarily be bound
for ever to SHA1. I however agree that SHA1 should be the default digest
algorithm at this point. Instead I suggest that it could read as follows:

   ESSCertID ::= SEQUENCE {
        certHash        CertHash,
        issuerSerial    IssuerSerial OPTIONAL
   }

   CertHash ::= SEQUENCE {
        digestAlgorithm DigestAlgorithmIdentifier,
        digest          Digest
   }

   Digest ::= OCTET STRING  -- hash of entire certificate

Francois Rousseau
AEPOS Technologies
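
The structure proposed in the message above, DER-encoded and checked by a verifier that reads the digest algorithm from the attribute and applies an allow-list. This is an added example, not part of the original message or of any ESS implementation; the function names, the allow-list policy, the omitted algorithm parameters and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib, hmac

# Standard digest OIDs; the allow-list policy is an assumption of this example.
OIDS = {"sha1": "1.3.14.3.2.26", "sha256": "2.16.840.1.101.3.4.2.1"}

def tlv(tag, content):
    """DER tag-length-value with definite short or long form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def oid_body(dotted):
    """Content octets of an OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)

def ess_cert_id(cert_der, alg="sha1"):
    """Proposed ESSCertID { certHash { digestAlgorithm, digest } }, no issuerSerial."""
    alg_id = tlv(0x30, tlv(0x06, oid_body(OIDS[alg])))  # parameters omitted
    digest = tlv(0x04, hashlib.new(alg, cert_der).digest())
    return tlv(0x30, tlv(0x30, alg_id + digest))

def read_tlv(buf, pos=0):
    """Return (tag, content, next_offset) for the TLV starting at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + first], pos + first

def matches(ess_der, cert_der, allowed=("sha1", "sha256")):
    """Recompute the digest with the algorithm the attribute names, if allowed."""
    cert_hash = read_tlv(read_tlv(ess_der)[1])[1]
    _, alg_id, nxt = read_tlv(cert_hash)
    _, digest, _ = read_tlv(cert_hash, nxt)
    oid = read_tlv(alg_id)[1]
    name = next((k for k, v in OIDS.items() if oid_body(v) == oid), None)
    if name not in allowed:
        return False  # unknown or disallowed digest algorithm
    return hmac.compare_digest(hashlib.new(name, cert_der).digest(), digest)

# Constructed placeholder bytes standing in for a DER certificate.
SAMPLE_CERT = b"constructed-sample-certificate-bytes"
```

Because the algorithm now travels inside the attribute, the verifier's `allowed` tuple is what decides which digests are accepted; passing `allowed=("sha256",)` rejects a SHA1-based identifier even when its digest is correct.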