On 08/01/14 11:58, Peter Gutmann wrote:
Rob Stradling <[email protected]> writes:
SHA-256, SHA-384 and SHA-512 are the algorithms that CAs should use.
In my playing around with all the TLS and SSH implementations I could find
that talk SHA-2, I've found that SHA-256 is the new SHA-1. In other words if
you want interoprability with anything that does SHA-2, go with SHA-256.
Peter, do you have a list of software/versions that have TLS
implementations that work fine with SHA-256 in certificate signatures
but fail to work with SHA-384 and/or SHA-512 in certificate signatures?
Based on the NIST guidance, we've been using SHA-384 when using RSA-4096
and secp384r1 CA private keys to sign certificates. I've not yet become
aware of any interop issues with stuff that claims to talk SHA-2.
Thanks.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
