[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Way forward - updating RFC 3161
I have argued in support of your position and lost.
This work group has already decided to optionally allow a stronger hash than
SHA-1 to bind the signing certificate.
I would agree that no one has identified any realistic attack that would
require this response, but there is a point to do this anyway just to be
technically in line with other standards bodies and current deployment.
On 09-07-19 3:50 PM, "Peter Sylvester" <peter.sylvester@xxxxxxxxxx> wrote:
>> No doubt that everybody agrees that RFC 3161 should be updated to
>> allow the use of RFC 5035 [ESSV2].
>> The question is whether other changes should also be made.
> I do not agree with that at all. I'd not even think thae the
> essSigningCert serves
> A requirement of the EU Electronic Signature Directive is that a signature
> must identify the signer. The tsa field in the tstinfo is imo sufficient and
> has the advantage being explicit.