OASIS Mailing List Archives

xri message



Subject: Comment on call re: algorithm agility


Just for the permanent record, on the sparsely attended call today I raised
one of my other concerns about the proliferation of proprietary signing
mechanisms in specs, which is algorithm agility.

I had been planning to mention to Will that copying the SAML spec's outdated
recommendation to use RSAwithSHA1 as the signing algorithm was probably not
the ideal choice, since SHA256 is gradually replacing SHA1 as the current
"best option" until the new hash standard is done.

The more one duplicates signing functionality across multiple spots in the
software stack, the harder it is to maintain control over the algorithms
being used and maintain some degree of agility as these old algorithms fall
into disrepair.

-- Scott
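
An added example, not part of the message above or of any OASIS specification: one way to keep control over which algorithms are in use when several layers sign XML is to audit the `SignatureMethod` and `DigestMethod` URIs they emit against a single policy table. The policy table, the layer file names and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Single policy table shared by every layer (assumed layout, illustration only).
# Retiring an algorithm is then one edit here, not one per signing call site.
POLICY = {RSA_SHA1: "deprecated", SHA1: "deprecated",
          RSA_SHA256: "preferred", SHA256: "preferred"}

def audit_signatures(xml_text, source):
    """Return (source, element, algorithm URI, status) for each non-preferred use."""
    # ElementTree is fine for captured samples; use a hardened parser
    # such as defusedxml when the XML comes from an untrusted party.
    root = ET.fromstring(xml_text)
    findings = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter(DS + tag):
            uri = el.get("Algorithm", "")
            status = POLICY.get(uri, "unknown")  # unlisted algorithms are flagged too
            if status != "preferred":
                findings.append((source, tag, uri, status))
    return findings

def sample(sig_alg, digest_alg):
    """Build a constructed, unsigned ds:Signature skeleton for the audit."""
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
            f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
            f'<ds:Reference URI="#a1"><ds:DigestMethod Algorithm="{digest_alg}"/>'
            '</ds:Reference></ds:SignedInfo></ds:Signature>')

# Constructed output of three hypothetical signing layers in one stack.
SAMPLES = {
    "layer-a.xml": sample(RSA_SHA1, SHA1),      # copied the older recommendation
    "layer-b.xml": sample(RSA_SHA256, SHA1),    # signature upgraded, digest forgotten
    "layer-c.xml": sample(RSA_SHA256, SHA256),  # fully on the preferred set
}

def audit_all(samples=SAMPLES):
    """Audit every layer's sample and return the combined findings."""
    return [f for name, doc in samples.items() for f in audit_signatures(doc, name)]

if __name__ == "__main__":
    for source, tag, uri, status in audit_all():
        print(f"{source}: {tag} uses {status} algorithm {uri}")
```
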



