[Top] [All Lists]

Re: Support for hash algorithms other than SHA-1

2005-06-22 18:15:09

Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:

Section of RFC 3851 says:

   The SHA-256, SHA-384, and SHA-512 algorithms [FIPS180-2] are not
   currently recommended in S/MIME, and are included here for

I think it is time to revisit this decision.  I think the standard needs to
accept longer hash functions, at least with the RSA signature algorithm.

I'm not sure if this is meant as a call for votes, but making at least SHA-256
a SHOULD gets my grunt of approval.

(The reason for specifically mentioning SHA-256 is that the larger ones require
64-bit ops that are painful to handle on a number of systems).