Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints

Weijun Wang at
Tue Mar 13 08:06:56 UTC 2018

> On Mar 12, 2018, at 10:41 PM, Sean Mullan <sean.mullan at> wrote:
> I would tend to think that we should only specify (or guarantee) that standard names are checked and used in the disabled algorithm properties.

But this means first we must only set standard names in the properties. What if someone sets a non-standard one? Do we just accept it as a raw string and only reject an algorithm if it is also using the non-standard name?


More information about the security-dev mailing list