RE: SHA 1 vs. SHA 256 for Root CA
Hi Dave:
Responding only to your specific query, Windows Vista and Office 2007 support SHA-256 as well as other Suite B algorithms. Unfortunately, SHA-2 support in Outlook is not currently possible with Windows XP and/or Office XP.
David B. Cross
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of David Simonetti
Sent: Tuesday, January 30, 2007 6:18 AM
To: Russ Housley
Cc: Stephen Kent; ROGER YOUNGLOVE; ietf-pkix@xxxxxxx
Subject: RE: SHA 1 vs. SHA 256 for Root CA
Given these recommendations, how, for example, would I validate a digital
signature on an S/MIME email signed using SHA-256 using Microsoft Outlook
running on Windows XP? Is this only possible by using third-party crypto
software?
Dave S.
>
> Roger & Steve:
>
>>Also, upon further reflection, I agree that since this is a
>>self-signed cert, which presumably has been delivered via an
>>out-of-band path that is considered integrity secure, the concerns
>>over use of SHA-1 may be overstated.
>
> I think that Santosh's note explained the point about self-signed
> certificates. In my response, I assumed that the same signature
> algorithm would be used for certificates that are subordinate to the
> self-signed certificate. Thus my comments about 20 year validity periods.
>
> If the self-signed public keys are being used to validate digital
> signatures, similar issues arise.
>
> Russ
>
>
--
Regards,
David Simonetti
Jacob & Sundstrom, Inc.
410-356-1067