On Mon, Jan 19, 2009 at 01:38:02PM +0000, Darren J Moffat wrote:
> I don't think it depends at all on who you trust but on what algorithms
> are available in the protocols you need to use to run your business or
> use the apps important to you for some other reason. It also very much
> depends on why the app uses the crypto algorithm in question, and in the
> case of digest/hash algorithms whether they are key'd (HMAC) or not.
As Jeff Hutzelman suggested recently, inspired by the SSHv2 CBC mode vulnerability, hash algorithm agility for PKI really means having more than one signature, each using a different hash, in each certificate; this enlarges certificates. Alternatively, it needs to be possible to select what certificate to present to a peer based on an algorithm negotiation; this tends to mean adding round-trips to our protocols.

Nico

--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
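A toy model of the two agility strategies in the message above (several signatures in one certificate, or one single-hash certificate chosen after the peer states what it accepts), added here as an example and not part of the original thread. An HMAC under a constructed key stands in for a CA signature so the code runs offline; the subject names and key are constructed.

```python
import hmac
from dataclasses import dataclass

# Constructed stand-in for a CA private key; a real certificate signature
# would be RSA/ECDSA over the hash, but the hash choice is fixed per
# signature either way, which is all this model needs to show.
SIGNING_KEY = b"constructed-demo-ca-key"


def sign(tbs: bytes, hash_name: str) -> bytes:
    """One signature is bound to exactly one hash algorithm."""
    return hmac.new(SIGNING_KEY, tbs, hash_name).digest()


@dataclass
class Certificate:
    subject: str
    tbs: bytes
    signatures: dict  # hash_name -> signature bytes


def issue(subject: str, hashes: list) -> Certificate:
    tbs = f"subject={subject}".encode()
    return Certificate(subject, tbs, {h: sign(tbs, h) for h in hashes})


def encoded_size(cert: Certificate) -> int:
    """Size cost: every extra signature enlarges the certificate."""
    return len(cert.tbs) + sum(len(s) for s in cert.signatures.values())


def verify(cert: Certificate, acceptable: list):
    """Strategy 1: multi-signature certificate. The relying party ignores
    signatures over hashes it no longer trusts and accepts the certificate
    if any remaining signature verifies. Returns the hash used, or None."""
    for h in acceptable:
        sig = cert.signatures.get(h)
        if sig is not None and hmac.compare_digest(sig, sign(cert.tbs, h)):
            return h
    return None


def select_certificate(certs: list, peer_offered: list):
    """Strategy 2: one single-signature certificate per hash. The server
    can only pick after it has seen the peer's offer, which is the extra
    round-trip the message refers to. Returns the chosen certificate or
    None when no certificate matches anything the peer accepts."""
    for h in peer_offered:
        for cert in certs:
            if list(cert.signatures) == [h]:
                return cert
    return None
```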
