
Re: Way forward - updating RFC 3161



Peter,

I have argued in support of your position and lost.
This work group has already decided to optionally allow a stronger hash than
SHA-1 to bind the signing certificate.

I would agree that no one has identified any realistic attack that would
require this response, but there is a point to do this anyway just to be
technically in line with other standards bodies and current deployment.

/Stefan


On 09-07-19 3:50 PM, "Peter Sylvester" <peter.sylvester@xxxxxxxxxx> wrote:

> 
> 
>> 
>> 
>>     No doubt that everybody agrees that RFC 3161 should be updated to
>>     allow the use of RFC 5035 [ESSV2].
>>     The question is whether other changes should also be made.
>> 
> I do not agree with that at all. I'd not even think that the
> essSigningCert serves anything.
> 
> A requirement of the EU Electronic Signature Directive is that a signature
> must identify the signer. The tsa field in the tstinfo is imo sufficient and
> has the advantage of being explicit.
> 
> 
>