[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Valid hash algorithms for X.509 certificates
From: |
David Marín Carreño |
Subject: |
Valid hash algorithms for X.509 certificates |
Date: |
Wed, 31 Dec 2008 02:13:10 +0100 |
Related with the MD5 issue, if I am not wrong, currently the only
interoperable hash algorithm for use with X.509 algorithms is SHA-1.
However, in the document [0] it is said that SHA-1 will probably
follow the same fate in a not very long time.
SHA-2 is currently allowed in standard X.509 certificates according to
RFC 4055, but only if RSASSA-PSS is used (at least, I understand it
that way).
Also, a new document "Internet X.509 Public Key Infrastructure:
Additional Algorithms and Identifiers for DSA and ECDSA"[1] is under
development, that includes SHA-2 hashing only when the certificate
uses DSA or ECDSA...
Does anyone know if the IETF is preparing a revision or update to RFC
3279 for deprecating (officially) MD2 and MD5 and including SHA-2 (or
other algorithms) as a proposed "standard" for all kinds of public
keys?
[0] http://www.win.tue.nl/hashclash/rogue-ca/
[1] http://tools.ietf.org/html/draft-ietf-pkix-sha2-dsa-ecdsa-05
--
David Marín Carreño
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Valid hash algorithms for X.509 certificates,
David Marín Carreño <=