[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SHA 1 vs. SHA 256 for Root CA

To: Russ Housley <housley@xxxxxxxxxxxx>
Subject: RE: SHA 1 vs. SHA 256 for Root CA
From: Stephen Kent <kent@xxxxxxx>
Date: Mon, 29 Jan 2007 17:01:22 -0500
Cc: "ROGER YOUNGLOVE" <ryounglove1@xxxxxxx>, ietf-pkix@xxxxxxx
In-reply-to: <7.0.0.16.2.20070129155820.04b31c80@xxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <BAY106-F147009159F7CA317BE703FCA70@xxxxxxx> <> <7.0.0.16.2.20070129155820.04b31c80@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


At 4:02 PM -0500 1/29/07, Russ Housley wrote:

Roger & Steve:
Also, upon further reflection, I agree that since this is aself-signed cert, which presumably has been delivered via anout-of-band path that is considered integrity secure, the concernsover use of SHA-1 may be overstated.
I think that Santosh's note explained the point about self-signedcertificates. In my response, I assumed that the same signaturealgorithm would be used for certificates that are subordinate to theself-signed certificate. Thus my comments about 20 year validityperiods.
If the self-signed public keys are being used to validate digitalsignatures, similar issues arise.
Russ


Agreed.

Roger, where do you pan to use the hash algorithm in question?

Steve

References:
- RE: SHA 1 vs. SHA 256 for Root CA
  - From: ROGER YOUNGLOVE
- RE: SHA 1 vs. SHA 256 for Root CA
  - From: Stephen Kent
- RE: SHA 1 vs. SHA 256 for Root CA
  - From: Russ Housley

Prev by Date: RE: SHA 1 vs. SHA 256 for Root CA
Next by Date: source of "Friendly name"
Previous by thread: RE: SHA 1 vs. SHA 256 for Root CA
Next by thread: source of "Friendly name"
Index(es):
- Date
- Thread