According to this paper on RegTP SHA-1 is still recommended as OK. http://www.regtp.de/imperia/md/content/tech_reg_t/digisign/184.pdf
Perhaps there has been another industry specific directive or initiative ? I was a little involved in the EU SPES project (looking at practical solutions to interoperability re digital sigs and certs) and one of the outcomes was that the commercial CA used by the German local authority represented on the project had suddenly used an algorithm not supported by MS CAPI (sorry) so the digital sigs could not be verified. It could well have been the hask algorithm but I don't know for sure. At least it supports your thoughts that "non-standard" algorithms might be being used. Mark. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peter Gutmann Sent: 23 December 2004 12:41 To: [email protected] Subject: Re: New CA cert request from T-Systems Juergen Nieveler <[EMAIL PROTECTED]> writes: >Note that regtp.de is the government office that decides about those >registrations, and that "Ver�ffentlicht im Bundesanzeiger" means that >thoe registration was published in the offical government >announcement "newspaper", which is the way to make any such decision >"officially official". Didn't they recently disallow the use of SHA-1 in favour of RIPEMD-160, making the certs more or less useless with any mainstream cert-processing software? Peter. _______________________________________________ mozilla-crypto mailing list http://mail.mozilla.org/listinfo/mozilla-crypto _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
