ISSUE-22: Is sha1 as a DigestMethod strong enough for Widgets digital signatures?

Is SHA1 good enough?

Is sha1 as a DigestMethod strong enough for Widgets digital signatures?

State:
CLOSED
Product:
Widgets
Raised by:
Josh Soref
Opened on:
2008-06-27
Description:
The widgets 1.0: Digital Signature specification currently mandates that the DigestValue be calculated using RSA-SHA1(and indicated as such by the DigestMethod). However, weaknesses have been found in SHA1 [1]. So would some other DigestMethod be more appropriate? does it really matter that SHA1 has been "broken" for this use case?

[1] http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
Related Actions Items:
Related emails:
  1. Re: ISSUE-22 (Is SHA1 good enough?): Is sha1 as a DigestMethod strong enough for Widgets digital signatures? (from art.barstow@nokia.com on 2008-11-03)
  2. Widgets digital signatures, off-list discussion about requirements and algorithms. (from tlr@w3.org on 2008-09-26)
  3. Seeking feedback regarding Widgets Digital Signatures spec (from art.barstow@nokia.com on 2008-09-26)
  4. [widgets] Minutes from 25 September 2008 Voice Conference (from art.barstow@nokia.com on 2008-09-25)
  5. [widgets] Agenda for 25 September 2008 Voice Conference (from art.barstow@nokia.com on 2008-09-24)
  6. ISSUE-22 (Is SHA1 good enough?): Is sha1 as a DigestMethod strong enough for Widgets digital signatures? (from sysbot+tracker@w3.org on 2008-06-27)

Related notes:

Closed. See:

<http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/0230.html>

Arthur Barstow, 3 Nov 2008, 12:58:04

Display change log ATOM feed

Arthur Barstow <art.barstow@nokia.com>, Charles McCathieNevile <chaals@opera.com>, Chairs, Doug Schepers <schepers@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.287 2012/02/01 05:29:12 dom Exp $