ISSUE-22: Is sha1 as a DigestMethod strong enough for Widgets digital signatures?
Is SHA1 good enough?
- State:
- CLOSED
- Product:
- HISTORICAL: Widgets [Bugs and Issues are tracked via Bugzilla https://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsWG]
- Raised by:
- Josh Soref
- Opened on:
- 2008-06-27
- Description:
- The widgets 1.0: Digital Signature specification currently mandates that the DigestValue be calculated using RSA-SHA1 (and indicated as such by the DigestMethod). However, weaknesses have been found in SHA1 [1]. So would some other DigestMethod be more appropriate? Does it really matter that SHA1 has been "broken" for this use case?
[1] http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
- Related Actions Items:
- ACTION-228 on Arthur Barstow to Ask the XML Sec WG "what algorithm do you recommend we use and what identifier should we use for it?" - due 2008-09-03, closed
- Related emails:
- Re: Thoughts behind the Streams API ED (from vitteaymeric@gmail.com on 2013-11-07)
- Re: Thoughts behind the Streams API ED (from tyoshino@google.com on 2013-11-07)
- Re: ISSUE-22 (Is SHA1 good enough?): Is sha1 as a DigestMethod strong enough for Widgets digital signatures? (from art.barstow@nokia.com on 2008-11-03)
- Widgets digital signatures, off-list discussion about requirements and algorithms. (from tlr@w3.org on 2008-09-26)
- Seeking feedback regarding Widgets Digital Signatures spec (from art.barstow@nokia.com on 2008-09-26)
- [widgets] Minutes from 25 September 2008 Voice Conference (from art.barstow@nokia.com on 2008-09-25)
- [widgets] Agenda for 25 September 2008 Voice Conference (from art.barstow@nokia.com on 2008-09-24)
- ISSUE-22 (Is SHA1 good enough?): Is sha1 as a DigestMethod strong enough for Widgets digital signatures? (from sysbot+tracker@w3.org on 2008-06-27)
Related notes:
Closed. See:
<http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/0230.html>