On 13.01.2009 09:48, Rob Stradling wrote:
I made a similar suggestion to ietf.pkix in October 2006. See...
http://www.imc.org/ietf-pkix/mail-archive/msg01964.html
...and the rest of that thread, including...
http://www.imc.org/ietf-pkix/mail-archive/msg01984.html
...
Ben, I agree that having multiple signatures in a certificate could be useful.
If, for example, the certificates in the wild today contained both MD5/RSA
and SHA-1/RSA signatures, Mozilla would be able to disable MD5 support
*today* without "breaking the internet", as long as the majority of relying
party software could process the additional signatures.
If the industry chose to introduce such a thing now, it could help us all in
the future when we need to move from SHA-1 to SHA-2, or from SHA-1/SHA-2 to
SHA-3, etc.
Rob,
I think that's an excellent suggestion. Not only because it allows more
advanced trust management, but also, as you point out, because it eases
the transition away from SHA-1 significantly, which I think will be very
important and may shorten the transition by years.
I think your proposal is nice, as it would allow using the existing
extension mechanism, which means that it doesn't break current browsers.
Also, given that software will have to be changed anyway to support
SHA-2 or whatever, and we'll eventually use only that, I think there's -
in addition to the backwards-compatible way you propose - a chance to
introduce a new format which supports several signatures in a
straightforward way, and also other improvements which were hindered by
backwards-compatibility.
Greetings, and thanks a lot!
Ben
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
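The mechanism discussed in the thread above, as an added worked example that is not part of the original messages and is not code from Mozilla, Rob Stradling or Ben: a Go program, standard library only, that issues a self-signed certificate carrying a legacy primary signature plus a second sha256WithRSA signature in an extension, and a relying-party check that uses the primary signature while its algorithm is still allowed and falls back to the extension once that algorithm has been disabled. Everything specific to it is an assumption of the example: the extension OID 1.3.6.1.4.1.99999.1 is made up; the convention that the alternative signature covers the TBSCertificate with its own bytes replaced by zeros (so that the primary signature can in turn cover the alternative one) is one possible design, not the proposal from the ietf-pkix thread and not any standard; SHA-1 stands in for MD5 as the legacy algorithm because Go's x509.CreateCertificate refuses to sign with MD5; and the names caTemplate, issueDualSigned, verifyRSA and verifyUnderPolicy are the example's own.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // register the implementations behind crypto.SHA1 / crypto.SHA256
	_ "crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical, unregistered private-arc OID for an extension that carries a second,
// sha256WithRSA signature over the certificate (assumption: the OID names the algorithm).
var altSigSHA256OID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// Hashes this example knows how to verify; anything else is rejected.
var hashFor = map[x509.SignatureAlgorithm]crypto.Hash{
	x509.SHA1WithRSA:   crypto.SHA1,
	x509.SHA256WithRSA: crypto.SHA256,
}

// caTemplate is a self-signed CA whose primary signature uses the legacy algorithm
// and whose alternative-signature extension holds alt.
func caTemplate(alt []byte) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             time.Unix(1230768000, 0).UTC(), // fixed, so both passes encode the same TBS
		NotAfter:              time.Unix(1262304000, 0).UTC(),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
		SignatureAlgorithm:    x509.SHA1WithRSA, // the legacy primary algorithm (MD5 stand-in)
		ExtraExtensions:       []pkix.Extension{{Id: altSigSHA256OID, Value: alt}},
	}
}

// issueDualSigned signs twice. Convention of this example (an assumption, not a standard):
// the alternative signature covers the TBSCertificate with its own bytes zeroed; the
// primary signature produced by CreateCertificate then covers the complete TBSCertificate.
func issueDualSigned(key *rsa.PrivateKey) ([]byte, error) {
	// Pass 1: zero placeholder of the final length (PKCS#1 v1.5 signatures are key-size bytes).
	tmpl := caTemplate(make([]byte, key.Size()))
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	draft, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	d := crypto.SHA256.New()
	d.Write(draft.RawTBSCertificate)
	altSig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d.Sum(nil))
	if err != nil {
		return nil, err
	}
	// Pass 2: the same TBS with the real alternative signature; CreateCertificate adds the SHA-1 primary.
	tmpl = caTemplate(altSig)
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// verifyRSA checks a PKCS#1 v1.5 signature with the hash that algo implies.
func verifyRSA(pub *rsa.PublicKey, algo x509.SignatureAlgorithm, msg, sig []byte) error {
	h, ok := hashFor[algo]
	if !ok {
		return fmt.Errorf("no hash known for %v", algo)
	}
	d := h.New()
	d.Write(msg)
	return rsa.VerifyPKCS1v15(pub, h, d.Sum(nil), sig)
}

// verifyUnderPolicy is a relying party with an algorithm allow-list: it uses the primary
// signature if its algorithm is allowed, otherwise an allowed alternative signature.
// It returns "primary" or "alternative" on success.
func verifyUnderPolicy(der []byte, allowed map[x509.SignatureAlgorithm]bool) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("example handles RSA keys only")
	}
	if allowed[cert.SignatureAlgorithm] {
		if err := verifyRSA(pub, cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
			return "", err
		}
		return "primary", nil
	}
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(altSigSHA256OID) || !allowed[x509.SHA256WithRSA] {
			continue
		}
		// Rebuild what the issuer signed: the TBS with the alternative signature bytes zeroed.
		idx := bytes.Index(cert.RawTBSCertificate, ext.Value)
		if idx < 0 {
			return "", errors.New("alternative signature bytes not found in TBS")
		}
		signed := append([]byte(nil), cert.RawTBSCertificate...)
		copy(signed[idx:], make([]byte, len(ext.Value)))
		if err := verifyRSA(pub, x509.SHA256WithRSA, signed, ext.Value); err != nil {
			return "", err
		}
		return "alternative", nil
	}
	return "", fmt.Errorf("no acceptable signature: primary is %v", cert.SignatureAlgorithm)
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, err := issueDualSigned(key)
	if err != nil {
		panic(err)
	}
	// A relying party that has disabled SHA-1 still accepts the certificate via the extension.
	fmt.Println(verifyUnderPolicy(der, map[x509.SignatureAlgorithm]bool{x509.SHA256WithRSA: true}))
}
```

The ordering matters: because the primary signature covers the alternative one, a relying party that still trusts the legacy algorithm sees both signatures bound to the same TBSCertificate, while a relying party that has disabled it can reconstruct exactly what the issuer signed without any change to how it parses the certificate. What the example does not attempt, and any real design would have to settle, is how chain building applies a per-algorithm policy at every link and how the alternative signature is tied to the same issuer key rather than verified in isolation.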