Subject: SHA-256 for SAML?
I suppose there must have been discussion about this in the past, but someone asked me:

We’re wondering whether there’s a specification that enables SAML 2.0 to use SHA-256 rather than SHA-1, since SHA-1 is being deprecated for crypto strength reasons. It seems that right now SHA-1 is baked into the SAML spec.

I believe the answer is "no" (per section 5.4.1 of saml-core).

Presumably the followup question is: is the SSTC working on what people tend to call "crypto algorithm agility" so the transition to new signature and encryption methods can be managed going forward? I think the answer to that is "no" too, though maybe some of the recent XML signature revision discussion has a bearing on that.

- RL "Bob"