assurance - [Assurance] SHA-2 Update
Subject: Assurance
List archive
- From: Ann West <>
- To: "" <>
- Subject: [Assurance] SHA-2 Update
- Date: Thu, 5 Sep 2013 20:22:13 +0000
- Accept-language: en-US
Per our Assurance call yesterday, below is an update on the SHA-2 issue.
The InCommon Assurance Advisory and Technical Advisory Committees are investigating state of SP support of SHA 256 per the NIST requirement which calls
for discontinuing use of the SHA-1 digest function or hash algorithm in digital signatures effective January 1, 2014 and recommends using any of the digest functions known collectively as SHA-2 for use in digital signatures. For initial background and
early thoughts on the issue, see: https://spaces.internet2.edu/display/InCAssurance/Transition+to+SHA-2
Tom Scavo, InCommon Ops, is working with Tom Barton of the AAC/TAC and several campus testers to probe federation SPs. (For investigation methodology, see:
The campuses testers include:
Given early results, the TAC observed that the majority of outright failures come from three organizations:
1. Carnegie Mellon (30)
2. University of Chicago (21)
3. Highwire Press (19)
Further testing demonstrated a direct link between older versions of openssl and SHA-2 incompatibility. Tom is now refining his script to iterate over all SP and their
endpoints to allow deeper probing. Stay tuned for final outcomes and recommendations.
Ann West
Assistant Director,
InCommon Assurance and Community
Internet2 based at Michigan Tech
office: +1.906.487.1726
|
- [Assurance] SHA-2 Update, Ann West, 09/05/2013
- Re: [Assurance] SHA-2 Update, David Langenberg, 09/05/2013
- Re: [Assurance] SHA-2 Update, Ann West, 09/05/2013
- Re: [Assurance] SHA-2 Update, David Langenberg, 09/05/2013
- RE: [Assurance] SHA-2 Update, Capehart,Jeffrey D, 09/05/2013
- Re: [Assurance] SHA-2 Update, Cantor, Scott, 09/05/2013
- Re: [Assurance] SHA-2 Update, David Langenberg, 09/05/2013
- Re: [Assurance] SHA-2 Update, Cantor, Scott, 09/05/2013
- Re: [Assurance] SHA-2 Update, Ann West, 09/05/2013
- <Possible follow-up(s)>
- Re: [Assurance] SHA-2 Update, Joe St Sauver, 09/05/2013
- Re: [Assurance] SHA-2 Update, David Langenberg, 09/05/2013
- Re: [Assurance] SHA-2 Update, Joe St Sauver, 09/05/2013
- Re: [Assurance] SHA-2 Update, David Langenberg, 09/05/2013
Archive powered by MHonArc 2.6.16.