[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] Comment on call re: algorithm agility
+1. So Scott, from a spec standpoint, what does this mean we should/should not do in the XRD 1.0 spec? =Drummond > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Thursday, June 11, 2009 2:44 PM > To: 'XRI TC' > Subject: [xri] Comment on call re: algorithm agility > > Just for the permanent record, on the sparsely attended call today I > raised > one of my other concerns about the proliferation of proprietary signing > mechanisms in specs, which is algorithm agility. > > I had been planning to mention to Will that copying the SAML spec's > outdated > recommendation to use RSAwithSHA1 as the signing algorithm was probably > not > the ideal choice, since SHA256 is gradually replacing SHA1 as the current > "best option" until the new hash standard is done. > > The more one duplicates signing functionality across multiple spots in the > software stack, the harder it is to maintain control over the algorithms > being used and maintain some degree of agility as these old algorithms > fall > into disrepair. > > -- Scott > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]