[Top] [All Lists]

Re: Support for hash algorithms other than SHA-1

2005-06-27 22:12:09

On Jun 27, 2005, at 9:59 PM, Peter Gutmann wrote:
Blake Ramsdell <blake(_at_)sendmail(_dot_)com> writes:

Personally, I would upgrade 384 and 512 to SHOULD (no "+"). The semantic of
that is "there may exist valid reasons in particular circumstances to
ignore". If you can't do 64-bit easily or the performance makes you crabby, then you can invoke that clause. I don't really feel strongly enough about it
to fight for this though.

I would argue strongly for just having a single algorithm to support

Sounds like a trend to me.

So Russ's's elaboration on your suggestion, resummarized by me here:

On Jun 27, 2005, at 10:51 AM, Russ Housley wrote:
So, building on what Peter Gutmann suggested:

      sha1WithRSAEncryption would be a MUST-

      sha224WithRSAEncryption would be a MAY

      sha256WithRSAEncryption would be a SHOULD+

      sha384WithRSAEncryption would be a MAY

      sha512WithRSAEncryption  would be a MAY

Seems to reflect where you, Paul, Russ and I come down on this.

Blake Ramsdell | Sendmail, Inc. |