Re: Support for hash algorithms other than SHA-1

2005-06-27 10:52:06


Is there something to be done for the CERT profile also?

The needed OIDs have already been published in RFC 4055:

      sha224WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 14 }

      sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 11 }

      sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 12 }

      sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 13 }

I think it is just a matter of deciding which ones are MUST, SHOULD, and MAY.

I would advocate the use of MUST- and SHOULD+ as was done in the IPsec WG. MUST- means that the algorithm is currently required for interoperability, but it is likely to drop to a SHOULD whenever the specification is updated. SHOULD+ means that the algorithm is likely to be elevated to a MUST the next time around. I like this approach because it tells product planners what to expect.

So, building on what Peter Gutmann suggested:

      sha1WithRSAEncryption would be a MUST-

      sha224WithRSAEncryption would be a MAY

      sha256WithRSAEncryption would be a SHOULD+

      sha384WithRSAEncryption would be a MAY

      sha512WithRSAEncryption would be a MAY

Unfortunately, I do not have a similar recommendation for DSA. SHA-1 still seems to be the only supported one-way hash function. I expect that to change soon, but it has not happened yet.
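As an added illustration (not part of the original message or of any WG draft), the snippet below DER-encodes the RFC 4055 OIDs quoted above under the pkcs-1 arc, decodes them back, and maps a decoded signature-algorithm OID to the MUST-/SHOULD+/MAY level proposed in the message; the sha1WithRSAEncryption arc { pkcs-1 5 } is taken from RFC 3279, and the level table is the post's proposal, not a published profile.

```python
# Added example: DER OID encode/decode plus a lookup of the proposed
# requirement level for each RSA signature algorithm named in the post.

PKCS1 = "1.2.840.113549.1.1"  # pkcs-1 arc (RSA Laboratories PKCS #1)

# dotted OID -> (algorithm name, proposed level). Levels as in the message;
# the pkcs-1 5 arc for sha1WithRSAEncryption comes from RFC 3279.
SIG_ALGS = {
    PKCS1 + ".5":  ("sha1WithRSAEncryption",   "MUST-"),
    PKCS1 + ".14": ("sha224WithRSAEncryption", "MAY"),
    PKCS1 + ".11": ("sha256WithRSAEncryption", "SHOULD+"),
    PKCS1 + ".12": ("sha384WithRSAEncryption", "MAY"),
    PKCS1 + ".13": ("sha512WithRSAEncryption", "MAY"),
}

def encode_oid(dotted: str) -> bytes:
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])        # base-128, last octet has high bit clear
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += chunk
    if len(body) >= 128:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(der: bytes) -> str:
    """Inverse of encode_oid; rejects anything that is not a well-formed short OID."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OID")
    first, rest = der[2], der[3:]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value, pending = 0, False
    for b in rest:
        value, pending = (value << 7) | (b & 0x7F), True
        if not b & 0x80:                       # high bit clear ends the arc
            arcs.append(value)
            value, pending = 0, False
    if pending:
        raise ValueError("truncated base-128 arc")
    return ".".join(map(str, arcs))

def classify(der: bytes) -> tuple:
    """Return (name, proposed level) for a DER-encoded signature OID."""
    return SIG_ALGS.get(decode_oid(der), ("unknown", "not in profile"))
```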