John Mattsson <[email protected]> wrote: > - There was a suggestion that SHA-1 algorithms should get large values, > but sha1WithRSAEncryption is still one of the most common algorithm. It > is quite commonly used in self-signed root certificates, where it is > fine to do so.
Self-signed root certificates tend not to be transmitted. If you don't have the right anchor, the chain is useless. I do have counter-examples (BRSKI) where it is either useful for debugging, or essential to get pinning right. However, it's a greenfield, and we'd prefer to encourage ECDSA anyway, so I strongly agree that SHA-1 algorithms can get large values. I couldn't tell with the replies of "Agree" what other posters actually were agreeing to. -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
