On 11/19/2013 02:50 AM, Rob Stradling wrote:
>> On 11/18/2013 07:00 AM, Gervase Markham wrote:
>>> Hi everyone,
>>>
>>> Following Microsoft's announcement re: SHA-1, some CAs are asking
>>> browser and OS vendors about the ubiquity of SHA-256 support. It would
>>> be a help to them if we could say:
>>>
>>> - Which version of NSS first supported SHA-256
>
> Gerv, SHA-256 isn't the only algorithm of interest here.
>
> The latest Windows Root Certificate Program requirements [1] permit
> CAs to use SHA-256, SHA-384 and SHA-512.  Unsurprisingly, these 3
> functions from the SHA-2 family are what the Windows CryptoAPI
> actually supports (since XP SP3).
>


My evaluation on when we supported SHA-2 covers all 3 hash functions.


> On 19/11/13 02:20, Robert Relyea wrote:
>> I think it's safe to say if your NSS app is newer than a decade old, you
>> have SHA-2 support. The one caveat is that SHA-224 support was added
>> much later, but SHA-256, SHA-384, and SHA-512 have all been supported
>> for a while.
>
> SHA-224 isn't supported by CryptoAPI, and CAs aren't permitted (by
> [1]) to use it anyway.  Ditto for the SHA-512/224, SHA-512/256 and
> SHA-512/t functions that were added to the SHA-2 specification [2]
> last year.

We don't support the "truncated"* SHA-512 functions (other than
SHA-384). SHA-224 is a "truncated"* SHA-256.


* "truncated" hashes also have their own initialization vector, so
SHA-224(x) != trunc(SHA-256(x)) even though SHA-224 uses the same base
algorithm.
>
>
> [1]
> http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx
>
> [2] http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
>



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
