Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints

Weijun Wang
Wed Mar 14 01:17:32 UTC 2018

> On Mar 13, 2018, at 11:54 PM, Xuelei Fan wrote:
> On 3/13/2018 1:06 AM, Weijun Wang wrote:
>>> On Mar 12, 2018, at 10:41 PM, Sean Mullan wrote:
>>> I would tend to think that we should only specify (or guarantee) that standard names are checked and used in the disabled algorithm properties.
>> But this means first we must only set standard names in the properties. What if someone sets a non-standard one? Do we just accept it as a raw string and only reject an algorithm if it is also using the non-standard name?
> Where does the non-standard name come from?  

The setting inside I know we use standard names now, but a customer can change it.

> Maybe, before calling into the crypto constraints methods, the name can be standardized.

We will need a table, not based on aliases in any provider.


> Xuelei
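
The idea discussed in this thread (standardize names through a fixed table before the constraint check) as an added example; it is not code from the JDK or from any participant. The class `DisabledAlgNames`, its alias table, and the sample property value are constructed assumptions, and the decomposition of composite names is simplified.

```java
import java.util.*;

public class DisabledAlgNames {
    // Constructed alias table (assumption): fixed, not read from any provider.
    private static final Map<String, String> STANDARD = Map.of(
        "SHA", "SHA-1", "SHA1", "SHA-1", "SHA-1", "SHA-1",
        "SHA256", "SHA-256", "SHA-256", "SHA-256");

    // Map an alias to its standard name; unknown names pass through upper-cased.
    static String standardize(String name) {
        String key = name.toUpperCase(Locale.ROOT);
        return STANDARD.getOrDefault(key, key);
    }

    // Simplified split of composite names such as "SHA1withRSA" into
    // standardized components ("SHA-1", "RSA").
    static Set<String> components(String algorithm) {
        Set<String> out = new HashSet<>();
        for (String part : algorithm.split("/")) {
            for (String c : part.split("(?i)with|and")) {
                if (!c.isEmpty()) out.add(standardize(c));
            }
        }
        return out;
    }

    // Both sides are standardized, so an alias in the property still matches.
    // Only the first token of each entry is used; constraints after the
    // algorithm name (key sizes and so on) are ignored in this sketch.
    static boolean permits(String disabledProperty, String algorithm) {
        Set<String> disabled = new HashSet<>();
        for (String entry : disabledProperty.split(",")) {
            String e = entry.trim();
            if (!e.isEmpty()) disabled.add(standardize(e.split("\\s+")[0]));
        }
        return Collections.disjoint(disabled, components(algorithm));
    }

    public static void main(String[] args) {
        String prop = "MD2, SHA1"; // constructed value: an alias, not the standard name
        for (String alg : List.of("SHA1withRSA", "SHA-1", "SHA", "SHA256withECDSA")) {
            System.out.println(alg + " permitted=" + permits(prop, alg));
        }
    }
}
```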
