
RE: SHA 1 vs. SHA 256 for Root CA



Is this still a potential issue for Issuing CA certificates signed
with the root key, particularly if the profile permits non-critical
extensions?


-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Stephen Kent
Sent: Monday, January 29, 2007 1:45 PM
To: ROGER YOUNGLOVE
Cc: ietf-pkix@xxxxxxx
Subject: RE: SHA 1 vs. SHA 256 for Root CA


At 12:36 PM -0500 1/29/07, ROGER YOUNGLOVE wrote:
>Gentlemen,
>Thank you for the rapid response. One thing I did not mention was 
>that we are using a Microsoft CA implementation from Windows Server 
>2003 EE.
>We just found out that this CA product does not recognize SHA 256 or 
>above even though it is an option.
>
>
>
>TTFN
>Roger Younglove

OK. Guess that narrows the options a bit :-).

Also, upon further reflection, I agree that since this is a 
self-signed cert, which presumably has been delivered via an 
out-of-band path that is considered integrity secure, the concerns 
over use of SHA-1 may be overstated.

Steve