You have some time there and work with client vendors to implement
SHA-256 and next generation SHA.
I would support a random value extension if clients checked for it.
-----Original Message-----
From: Timothy J. Miller [mailto:tmiller(_at_)mitre(_dot_)org]
Sent: Wednesday, December 31, 2008 1:54 PM
To: Santosh Chokhani
Cc: Dr Stephen Henson; ietf-pkix(_at_)imc(_dot_)org;
ietf-smime(_at_)imc(_dot_)org;
cfrg(_at_)irtf(_dot_)org; saag(_at_)ietf(_dot_)org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate
Santosh Chokhani wrote:
> So, if you are relying on CAs, why not ask them to switch to SHA-1 as
> opposed to adding more software to the CA. SHA-1 is purely a
> configuration item for the CA deployments.
Because someday SHA-1 (and SHA-2, or any hash algorithm) may be subject
to a similar collision generation attack, and the presence of
unpredictable data in the cert will defeat it as well.
Just trying to be proactive here.
-- Tim
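Tim's closing point, that unpredictable data in the certificate defeats a collision-based forgery whatever the hash, can be seen in a small simulation. The Python below is an added example for this thread; it is not code from the discussion, from MITRE or from any CA product, and the DER helpers, the CA and attacker models and all names ("Toy CA", "victim.example") are constructed for illustration. It models the precondition of a chosen-prefix collision: before the CA signs, the attacker must know every byte of tbsCertificate that precedes the field they control (the public key), because the collision blocks are computed for the hash chaining state at exactly that point. With sequential serials and a guessable validity window the prediction holds on every issuance; with a serial drawn from 64 random bits it never does. One caveat the thread does not spell out: the unpredictable bytes have to sit in that prefix. Anything the CA writes after the collision blocks is copied verbatim into the forged certificate's suffix, so a random value in an extension appended after the public key does not, on its own, break the attack.

```python
"""Why unpredictable content in tbsCertificate defeats a precomputed collision.

Constructed example for this thread; not code from the discussion, from
MITRE or from any CA product. The DER helpers, CA and attacker models and
all names ("Toy CA", "victim.example") are hypothetical.
"""
import hashlib
import random
from dataclasses import dataclass

NOT_BEFORE = "081231000000Z"   # UTCTime values chosen to be guessable
NOT_AFTER = "091231000000Z"


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV, short or long definite-length form."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_int(value: int) -> bytes:
    """DER INTEGER; the spare byte keeps a value with its top bit set positive."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def der_name(cn: str) -> bytes:
    """Single-RDN Name: SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, PrintableString } } }."""
    attr = der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x13, cn.encode("ascii")))
    return der(0x30, der(0x31, attr))


def tbs_prefix(serial: int, issuer: str, subject: str) -> bytes:
    """Bytes of tbsCertificate that precede subjectPublicKeyInfo.

    This is what a chosen-prefix attacker must predict before the CA signs:
    the collision blocks are computed for the chaining state at the end of
    these bytes. (The outer SEQUENCE header is omitted here; a real attacker
    has to predict its length as well.)
    """
    version = der(0xA0, der_int(2))                                      # [0] EXPLICIT v3
    sig_alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010104")))  # md5WithRSAEncryption
    validity = der(0x30, der(0x17, NOT_BEFORE.encode()) + der(0x17, NOT_AFTER.encode()))
    return version + der_int(serial) + sig_alg + der_name(issuer) + validity + der_name(subject)


@dataclass
class IssuedCert:
    serial: int
    prefix: bytes


class CA:
    """serial_bits == 0 issues sequential serials; otherwise a random serial of that width."""

    def __init__(self, name: str, serial_bits: int = 0, rng=None):
        self.name = name
        self.serial_bits = serial_bits
        self.rng = rng or random.SystemRandom()
        self.next_sequential = 1000

    def issue(self, subject: str) -> IssuedCert:
        if self.serial_bits:
            serial = self.rng.getrandbits(self.serial_bits)
        else:
            serial = self.next_sequential
            self.next_sequential += 1
        return IssuedCert(serial, tbs_prefix(serial, self.name, subject))


def attacker_guess(ca_name: str, last_seen_serial: int, subject: str) -> bytes:
    """The attacker just received a cert with last_seen_serial and bets the
    next one gets last_seen_serial + 1 with the same validity window."""
    return tbs_prefix(last_seen_serial + 1, ca_name, subject)


def collision_blocks_usable(guessed_prefix: bytes, issued_prefix: bytes) -> bool:
    """Precomputed collision blocks only apply if the CA's prefix is byte-for-byte
    the one they were computed against; comparing digests stands in for
    comparing the internal chaining state."""
    return hashlib.md5(guessed_prefix).digest() == hashlib.md5(issued_prefix).digest()


def attack_success_rate(ca: CA, trials: int) -> float:
    """Fraction of issuances on which the attacker's precomputed collision applies."""
    last_seen = ca.issue("attacker-probe.example").serial   # buy one cert to learn the counter
    hits = 0
    for _ in range(trials):
        guess = attacker_guess(ca.name, last_seen, "victim.example")
        issued = ca.issue("victim.example")
        hits += collision_blocks_usable(guess, issued.prefix)
        last_seen = issued.serial
    return hits / trials


if __name__ == "__main__":
    print("sequential serials:   ", attack_success_rate(CA("Toy CA"), 50))
    print("64-bit random serials:", attack_success_rate(CA("Toy CA", serial_bits=64), 50))
```

The simulation models an idle CA; against a busy one, even sequential serials force the attacker to time the request so that no other customer's certificate lands between the probe and the target, which is a nuisance rather than a defence. Random bits in the serial remove the guess entirely, and since the serial is a CA configuration choice, it can be deployed without waiting for clients to understand a new extension.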