saml-dev message

Subject: Re: [saml-dev] SHA-1 vs. SHA-2/SHA-3/etc.?

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Szabó Áron <baronsz@freemail.hu>, "saml-dev@lists.oasis-open.org" <saml-dev@lists.oasis-open.org>
Date: Wed, 5 Feb 2014 16:12:07 +0000

On 2/5/14, 11:08 AM, "Szabó Áron" <baronsz@freemail.hu> wrote:
>
>so, you mean, that in this requirement: "SAML processors SHOULD support
>the use of RSA signing and verification for public key operations in
>accordance with the algorithm identified by
>http://www.w3.org/2000/09/xmldsig#rsa-sha1."; the "SHOULD" means that "at
>least, but not exclusively", am I right?

Actually, that statement isn't even active, it's been errata'd.

-- Scott

E81: Algorithm statement in XML Signature profile
Change 
[SAMLCore]
 Section 5.4.1, lines 2926-2927, and [SAMLMeta] Section 3.1.1, lines
1182-1183, to relax the implication that RSA with SHA1 is the only
supported algorithm.
Original:
SAML processors SHOULD support the use of RSA signing and verification for
public key operations in
accordance with the algorithm identified by
http://www.w3.org/2000/09/xmldsig#rsa-sha1

New:
Any algorithm defined for use with the XML Signature specification MAY be
used

Follow-Ups:
- Re: [saml-dev] SHA-1 vs. SHA-2/SHA-3/etc.?
  - From: Szabó Áron <baronsz@freemail.hu>

References:
- Re: [saml-dev] SHA-1 vs. SHA-2/SHA-3/etc.?
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- Re: [saml-dev] SHA-1 vs. SHA-2/SHA-3/etc.?
  - From: Szabó Áron <baronsz@freemail.hu>