On 5/17/2016 10:55 AM, John Eells wrote:
So...suppose we were to do something like this*:

- Added support for both SHA-2 (SHA-256) and 2048-bit RSA certificates.**
- Put the package signing verification certificate where "anyone could
get it"
- Made the signing (certificate-based) check optional.
- Continued to keep the integrity checking optional, whether based on
SHA-2 or SHA-1.

Would that meet the set of needs we've been talking about?

* As usual, no promises.
** I think we have to keep the SHA-1 support because we create an
incompatibility if we don't.


John,

If you need to keep SHA-1 and it's being used, you should put out an appropriate warning message that SHA-1 is deprecated.

Regards,
Tom Conley

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
