Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints

Sean Mullan sean.mullan at oracle.com
Thu Mar 15 18:18:40 UTC 2018


On 3/13/18 1:06 AM, Weijun Wang wrote:
> 
> 
>> On Mar 12, 2018, at 10:41 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> I would tend to think that we should only specify (or guarantee) that standard names are checked and used in the disabled algorithm properties.
> 
> But this means first we must only set standard names in the properties. What if someone sets a non-standard one? Do we just accept it as a raw string and only reject an algorithm if it is also using the non-standard name?

If non-std names just work right now, that's ok but I don't think we 
should make any requirements that it is supported. Right now the 
property says:

# The "AlgorithmName" is the standard algorithm name of the disabled
# algorithm.

And I would not change that.

--Sean


More information about the security-dev mailing list