On 17/01/14 03:39, Man Ho (Certizen) wrote:

On 1/8/2014 8:12 PM, Rob Stradling wrote:
Based on the NIST guidance, we've been using SHA-384 when using
RSA-4096 and secp384r1 CA private keys to sign certificates.  I've not
yet become aware of any interop issues with stuff that claims to talk
SHA-2.

Do you mean using SHA-384 to sign the sub-root certificate

Yes, when we're using our RSA-4096 and secp384r1 root keys to sign the sub-root certificates.

and then that sub-root certificate signs SHA-384 end-entity certificates?

Depends on the sub-root key size. When we're using RSA-2048 and secp256r1, (the NIST guidance says that) SHA-256 is an appropriate match.

BTW, on second thought, the sub-root certificate can be signed
with SHA-384 while the end-entity certificates are signed with
SHA-256, or vice versa. It should be possible, shouldn't it?

Yes.

Examples:
https://comodorsacertificationauthority-ev.comodoca.com/
https://comodoecccertificationauthority-ev.comodoca.com/

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
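The mixed chain discussed above (a P-384 root signing a P-256 sub-root with SHA-384, and that sub-root signing an end-entity with SHA-256), built and checked with Go's standard library as an added example; this is not code from the thread or from Comodo, and the names, serial numbers and the MatchedHash pairing (hash chosen by the signing key's curve) are constructed assumptions for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// MatchedHash is the pairing the thread cites: a P-384 signing key uses SHA-384, a P-256 key SHA-256.
func MatchedHash(signer *ecdsa.PublicKey) x509.SignatureAlgorithm {
	if signer.Curve == elliptic.P384() {
		return x509.ECDSAWithSHA384
	}
	return x509.ECDSAWithSHA256
}
// tmpl builds a minimal certificate template; isCA marks the root and the sub-root.
func tmpl(cn string, serial int64, isCA bool) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
}
// issue signs t with the signer's key under the hash matched to that key (not to the key being certified).
func issue(t, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	t.SignatureAlgorithm = MatchedHash(&signer.PublicKey)
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err) // inputs are constructed here, so a failure is a programming error
	}
	cert, _ := x509.ParseCertificate(der) // DER the library just produced always parses
	return cert
}
// BuildMixedChain: a P-384 root signs a P-256 sub-root with SHA-384; the sub-root signs an end-entity with SHA-256.
func BuildMixedChain() (root, sub, ee *x509.Certificate) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) // constructed test keys, not CA keys
	subKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	eeKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rootT := tmpl("Example P-384 Root", 1, true)
	root = issue(rootT, rootT, &rootKey.PublicKey, rootKey)
	sub = issue(tmpl("Example P-256 Sub-root", 2, true), root, &subKey.PublicKey, rootKey)
	ee = issue(tmpl("example.test", 3, false), sub, &eeKey.PublicKey, subKey)
	return root, sub, ee
}
// VerifyLink checks child's signature under the hash it records and that this hash matches the parent's key.
func VerifyLink(child, parent *x509.Certificate) bool {
	return child.CheckSignatureFrom(parent) == nil && child.SignatureAlgorithm == MatchedHash(parent.PublicKey.(*ecdsa.PublicKey))
}
```

Each link is verified with the hash named in that certificate's signatureAlgorithm field, which is why a SHA-384 sub-root and a SHA-256 end-entity coexist in one chain without any special handling.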

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy
