On Sat, Jun 20, 2026 at 11:30:18AM -0500, Behcet Sarikaya wrote:
> > > Section 3.4.4 SHA-1 SHA-1 as a cryptographic algorithm is
> > > deprecated and should be phased out by Dec. 31, 2030
> >
> > In this context, SHA-1 is not used for cryptographic purposes.
> >
> > The CCR embedded integrity checksums and the content address references
> > to objects outside the CCR all use SHA-256. See 'hashAlg' in section 3.2.
> >
> > This is what I found on my search:
>
> SHA-1 is no longer secure because it is vulnerable to "collision attacks,"
> where two different inputs produce the exact same hash
> 
> What would you say?

Collisions are not relevant in this context. The tuple of (SHA-1 SKI,
Manifest SIA) uniquely identifies the Certification Authority, in
the original context part of a chain of RSA-2048 signatures, this is
sufficient for the analytical purposes for which CCR is intended.

More importantly, this CCR specification is not the place to redefine
what constitues a Certificate KeyIdentifier in the RPKI context. The
CCR standard merely aligns with the existing body of work around RPKI,
specifically Section 4.8.2 of RFC 6487.

Please note that the CCR embedded integrity checksums and the content
address references to objects outside the CCR all use SHA-256. See
'hashAlg' in section 3.2.

Kind regards,

Job

_______________________________________________
Gen-art mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to