On Tue, 2006-28-11 at 10:59 +0000, Dave Pawson wrote:
That's a good idea, though I note that since this spec was written some
new attacks on SHA1 have appeared. Is it possible to say "use xmlenc
_except_ we change SHA256 from RECOMMENDED to REQUIRED"?
How about adding some flexibility for implementors?
I.e. list a few acceptable encryption algorithms, then require
that an implementation record the one used, which then
means that other implementations can use a number of algorithms
and we can have interop?
Yes, that would be good. We can say that SHA1, SHA256, SHA512 and
RIPEMD-160 are all ok (list taken from xmlenc), but all implementations
must support at least SHA256 but preferably all.
The informative clauses can be used to explain the rationale for
Yes. Developers may not know that SHA1 is becoming weak rather quickly.
I just read that RSA expects a successful pre-image attack on SHA1
within 5-10 years.
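The scheme proposed in this thread (an agreed list of digest algorithms, the record naming the one actually used, SHA256 mandatory for every implementation), as an added example that is not part of the original mail exchange. The algorithm URIs are the identifiers defined by XML Signature and XML Encryption; the record layout and the "weak" flag on SHA1 are assumptions of this example.

```python
import hashlib
import hmac

# Digest identifiers as defined by XML Signature (sha1) and XML Encryption
# (sha256, sha512, ripemd160), mapped to a hashlib name and a "weak" flag.
# SHA1 stays listed for interop with existing data but is flagged so a
# verifier can refuse it by default.
DIGEST_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": ("sha1", True),
    "http://www.w3.org/2001/04/xmlenc#sha256": ("sha256", False),
    "http://www.w3.org/2001/04/xmlenc#sha512": ("sha512", False),
    "http://www.w3.org/2001/04/xmlenc#ripemd160": ("ripemd160", False),
}
# The thread's proposal: every implementation must support SHA256.
MANDATORY = "http://www.w3.org/2001/04/xmlenc#sha256"


def supported_algorithms() -> set:
    """Identifiers this runtime can compute (RIPEMD-160 is missing on some OpenSSL builds)."""
    usable = set()
    for uri, (name, _weak) in DIGEST_ALGORITHMS.items():
        try:
            hashlib.new(name)
            usable.add(uri)
        except ValueError:
            pass  # optional algorithm not built into this hashlib
    return usable


def make_record(data: bytes, algorithm: str = MANDATORY) -> dict:
    """Digest the data and record which algorithm was used (record layout is assumed)."""
    name, _weak = DIGEST_ALGORITHMS[algorithm]
    return {"algorithm": algorithm, "digest": hashlib.new(name, data).hexdigest()}


def verify_record(data: bytes, record: dict, allow_weak: bool = False) -> tuple:
    """Recompute the digest with the recorded algorithm; returns (ok, reason)."""
    algorithm = record.get("algorithm")
    if algorithm not in DIGEST_ALGORITHMS:
        return False, "algorithm not in the agreed list"
    if algorithm not in supported_algorithms():
        return False, "algorithm not supported by this implementation"
    name, weak = DIGEST_ALGORITHMS[algorithm]
    if weak and not allow_weak:
        return False, "weak algorithm refused"
    expected = hashlib.new(name, data).hexdigest()
    # Constant-time comparison so a mismatch does not leak where the digests diverge.
    if not hmac.compare_digest(expected, record.get("digest", "")):
        return False, "digest mismatch"
    return True, "ok"
```

Because the record carries the algorithm URI, a peer that only implements the mandatory SHA256 can still verify records from peers that chose SHA512, and can reject SHA1 records by policy rather than by accident.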