AMWA-TV/bcp-003-03

SHA support when signing CSR with different EST servers

Closed this issue · 2 comments

Another item that came up from the Virtual Workshop compare the OpenXPKI and Cisco EST servers.

  • Cisco: supports sha1 and sha256
  • OpenXPKI: supports sha256

I believe the limitation on the OpenXPKI is because of the security consideration when using low sha with ecdsa.

Due to SHA1's smaller bit size, it has become more susceptible to attacks which therefore led to its deprecation from SSL certificate issuers in January 2016. An example of the difference in size between SHA1 vs SHA256 can be seen in the following example hashes:
SHA1 - da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 - e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Here https://www.keycdn.com/support/sha1-vs-sha256

Wikipedia says:

Since 2005, SHA-1 has not been considered secure against well-funded opponents; as of 2010 many organizations have recommended its replacement. NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013. As of 2020, chosen-prefix attacks against SHA-1 are now practical. As such, it is recommended to remove SHA-1 from products as soon as possible and instead use SHA-256 or SHA-3. Replacing SHA-1 is urgent where it is used for signatures.

All major web browser vendors ceased acceptance of SHA-1 SSL certificates in 2017.

I think we need some language about using sha256 or higher.