> Given that many of us are planning the migration to X.509 v3 certificates, is
> this an appropriate opportunity to also change the certificate signing
> algorithm from md2WithRSAEncryption to md5WithRSAEncryption? How do CA
> implementors feel about an informal agreement to all use MD5 for RSA v3
> certificates, pending some more formal standard establishment?
>
> Warwick

Sounds very reasonable to me.

BTW, I am increasingly concerned that there has not been any move to establish
a formal group to look at the various V3 PDAM options and make some decisions
regarding which fields should be considered high priority to implement, which
may not be needed at all, etc. You and I have had some discussion regarding a
couple of these issues, but I don't think we have come to closure yet, and I'm
sure that some of the other players might have some valuable contributions to
make.

I'm not sure what the appropriate venue is for this discussion. With the
significant and increasing interest in electronic payment protocols, notably
the IBM iKP protocol which uses digital signatures and requires an evolving CA
infrastructure, the scope is certainly significantly larger than just the
privacy enhanced mail community. I'm not opposed to carrying out the discussion
on the pem-dev board by default, but the change in scope and orientation might
bother some of the traditional pem developers and I don't want to see the
progress get sidetracked. On the other hand, I don't want to ignore or overlook
some of the other communities that might have a legitimate interest.

I would also be interested in your feeling as to the timeline for this work.
From my perspective, there are several applications I am aware of that need
this kind of definitional agreement almost immediately, with everything wrapped
up and done with by December. If that can't happen within the IETF I think we
may have serious interoperability problems, as the applications can't wait.

Bob
--------------------------------
"Robert R. Jueneman" <Jueneman(_at_)gte(_dot_)com>
Staff Scientist, Wireless and Secure Systems Laboratory
GTE Laboratories, 40 Sylvan Road, Waltham, MA 02254
Waltham office: Voice: 1-617-466-2820, FAX: 1-617-466-2603
Telecommuting: Voice: 1-508-264-0485, FAX: 1-508-264-4165