OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SHA-256 for SAML?

I suppose there must have been discussion about this in the past, but 
someone asked me:

  We’re wondering whether there’s a specification that enables SAML 2.0 to
  use SHA-256 rather than SHA-1, since SHA-1 is being deprecated for crypto
  strength reasons.  It seems that right now SHA-1 is baked into the SAML

I believe the answer is "no" (per section 5.4.1 of saml-core).

Presumably the followup question is:  is the SSTC working on what people 
tend to call "crypto algorithm agility" so the transition to new signature 
and encryption methods can be managed going forward?  I think the answer 
to that is "no" too, though maybe some of the recent XML signature 
revision discussion has a bearing on that.

  - RL "Bob"

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]