[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA 1 vs. SHA 256 for Root CA

To: ietf-pkix@xxxxxxx
Subject: Re: SHA 1 vs. SHA 256 for Root CA
From: Mike <mike-list@xxxxxxxxx>
Date: Mon, 29 Jan 2007 10:16:12 -0800
In-reply-to: <7.0.0.16.2.20070129111756.04ab17b0@xxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <BAY106-F33A6ECAF0FBDCF9F789787FCA70@xxxxxxx> <7.0.0.16.2.20070129111756.04ab17b0@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (Windows/20061207)


What RFC defines the OID's, etc. for RSA with SHA-256 et. al.?
Is there a DSA standard that uses SHA-256?

Thanks,

Mike

Russ Housley wrote:

Roger:
I strongly encourage the use of SHA-256 (over SHA-1) for a signaturethat needs to stand for 20 years.
What key size are you choosing that will also be acceptable in 2027?

Russ


At 09:38 AM 1/29/2007, ROGER YOUNGLOVE wrote:
We are standing up a number of CAs (Selfsigned Root, Policy andIssueing).The question has come up with the Microsoft CA product we have theability to chose SHA 1, SHA 256, SHA 512. i believe that SHA1 is notsufficent for a 20 year root CA lifespan. I need expert support formoving to SHA 256 at a minimum.
Roger Younglove
Principal Consultant
Ford Motor Company

Follow-Ups:
- Re: SHA 1 vs. SHA 256 for Root CA
  - From: Russ Housley

References:
- SHA 1 vs. SHA 256 for Root CA
  - From: ROGER YOUNGLOVE
- Re: SHA 1 vs. SHA 256 for Root CA
  - From: Russ Housley

Prev by Date: RE: SHA 1 vs. SHA 256 for Root CA
Next by Date: RE: SHA 1 vs. SHA 256 for Root CA
Previous by thread: Re: SHA 1 vs. SHA 256 for Root CA
Next by thread: Re: SHA 1 vs. SHA 256 for Root CA
Index(es):
- Date
- Thread