Konstantin Andreev a écrit :
On Wen, 03 Jun 2009, Nelson B Bolyard wrote:

Finally, I will add that (IINM) Thunderbird 3 has support for AES.
I don't know about the SHA1 vs SHA2 issue.

No, it hasn't, TB hardcodes SHA1. No variations:

----( begin cite )--------
/* Now initialize the crypto library, so that we can compute a hash
on the object which we are signing.
mHashType = nsICryptoHash::SHA1;

mDataHash = do_CreateInstance("@mozilla.org/security/hash;1", &rv);
if (NS_FAILED(rv)) return 0;

rv = mDataHash->Init(mHashType);
----( end cite )--------


On Thu, 04 Jun 2009, Nelson B Bolyard wrote:
On 2009-07-02 02:20 PDT, Jean-Marc Desperrier wrote:
I'm not very well placed to give a specification, but it seems it's really nothing more than "take sMIMECapabilities, include it inside x509".

It would be good to include the RFE also in Dogtag then.

I have subsequently learned that this is specified in RFC 4262.
I have filed RFEs for NSS and for Dogtag. I CC'ed you on the NSS RFE.


This enhancement will be useless until Mozilla/"MailNews Core" attends these capabilities. Given that TB security enhancements are stalled for years, I wouldn't rely on this.
Ok, so it's still sha1 by default for S/Mime ?
Is it also sha1 by default for TLS ?


dev-tech-crypto mailing list

Reply via email to