[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA 1 vs. SHA 256 for Root CA

To: "ROGER YOUNGLOVE" <ryounglove1@xxxxxxx>, ietf-pkix@xxxxxxx
Subject: Re: SHA 1 vs. SHA 256 for Root CA
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Mon, 29 Jan 2007 11:22:37 -0500
In-reply-to: <BAY106-F33A6ECAF0FBDCF9F789787FCA70@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <BAY106-F33A6ECAF0FBDCF9F789787FCA70@xxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Roger:

I strongly encourage the use of SHA-256 (over SHA-1) for a signaturethat needs to stand for 20 years.


What key size are you choosing that will also be acceptable in 2027?

Russ


At 09:38 AM 1/29/2007, ROGER YOUNGLOVE wrote:

We are standing up a number of CAs (Selfsigned Root, Policy and Issueing).
The question has come up with the Microsoft CA product we have theability to chose SHA 1, SHA 256, SHA 512. i believe that SHA1 is notsufficent for a 20 year root CA lifespan. I need expert support formoving to SHA 256 at a minimum.
Roger Younglove
Principal Consultant
Ford Motor Company

Follow-Ups:
- Re: SHA 1 vs. SHA 256 for Root CA
  - From: Mike

References:
- SHA 1 vs. SHA 256 for Root CA
  - From: ROGER YOUNGLOVE

Prev by Date: RE: SHA 1 vs. SHA 256 for Root CA
Next by Date: Re: asn.1 modules in 3280bis
Previous by thread: RE: SHA 1 vs. SHA 256 for Root CA
Next by thread: Re: SHA 1 vs. SHA 256 for Root CA
Index(es):
- Date
- Thread