security-services message



Subject: RE: [security-services] SHA-256 for SAML?


RL 'Bob' Morgan wrote on 2009-07-29:
> I suppose there must have been discussion about this in the past, but
> someone asked me:
> 
>   We're wondering whether there's a specification that enables SAML 2.0 to
>   use SHA-256 rather than SHA-1, since SHA-1 is being deprecated for crypto
>   strength reasons.  It seems that right now SHA-1 is baked into the SAML
>   spec.
> 
> I believe the answer is "no" (per section 5.4.1 of saml-core).

That language should have been moved into conformance, it's pretty much an
errata, I would say. It's not even useful for conformance, since it's a
SHOULD, so it probably ought to just be yanked.

> Presumably the followup question is:  is the SSTC working on what people
> tend to call "crypto algorithm agility" so the transition to new signature
> and encryption methods can be managed going forward?  I think the answer
> to that is "no" too, though maybe some of the recent XML signature
> revision discussion has a bearing on that.

That's also entirely about conformance, of course. The XML Signature changes
that are coming do include changes to the recommended and MTI algorithms,
but the spec as a whole is still algorithm agnostic, and thus SAML is too.

So, RSA-SHA256 is certainly allowed already.

-- Scott
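A defender-side check in the spirit of the migration question above, added here as an example and not part of the original thread: it walks every ds:Signature in a SAML message and reports any SignatureMethod or Reference DigestMethod that is still a SHA-1 identifier. The sample Response, its element IDs and the function name are constructed; the algorithm URIs are the standard XML Signature and RFC 4051 ones.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# XML Signature / RFC 4051 identifiers that rely on SHA-1.
SHA1_ALGORITHMS = {DS + "sha1", DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1"}

# Constructed sample: the Response is already signed with RSA-SHA256 and a
# SHA-256 digest, but the enclosed Assertion still uses RSA-SHA1 and SHA-1.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="{DS}" ID="_r1">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_r1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
      <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


def audit_signatures(xml_text):
    """One record per ds:Signature: which element it signs, its SignatureMethod,
    every Reference DigestMethod, and whether any of those is a SHA-1 URI."""
    root = ET.fromstring(xml_text)
    findings = []
    for parent in root.iter():                            # every element, root first
        for sig in parent.findall(f"{{{DS}}}Signature"):  # direct children only
            info = sig.find(f"{{{DS}}}SignedInfo")
            method = info.find(f"{{{DS}}}SignatureMethod").get("Algorithm")
            # Each Reference picks its digest independently of the SignatureMethod,
            # so an RSA-SHA256 signature can still cover SHA-1 digests.
            digests = [d.get("Algorithm") for d in info.iter(f"{{{DS}}}DigestMethod")]
            findings.append({
                "signed_element": parent.tag.rsplit("}", 1)[-1],
                "signature_method": method,
                "digest_methods": digests,
                "uses_sha1": any(a in SHA1_ALGORITHMS for a in [method, *digests]),
            })
    return findings


if __name__ == "__main__":
    for f in audit_signatures(SAMPLE_RESPONSE):
        flag = "SHA-1 still in use" if f["uses_sha1"] else "ok"
        print(f["signed_element"], f["signature_method"], f["digest_methods"], flag)
```

Run against real IdP output, the same walk shows whether the Response signature, the Assertion signature, or both still need to move to SHA-256.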
