Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
Section 184.108.40.206 of RFC 3851 says:
The SHA-256, SHA-384, and SHA-512 algorithms [FIPS180-2] are not
currently recommended in S/MIME, and are included here for
I think it is time to revisit this decision. I think the standard needs to
accept longer hash functions, at least with the RSA signature algorithm.
I'm not sure if this is meant as a call for votes, but making at least SHA-256
a SHOULD gets my grunt of approval.
(The reason for specifically mentioning SHA-256 is that the larger ones require
64-bit ops that are painful to handle on a number of systems).