If we go for text, we should use: http://www.iana.org/assignments/dssc/dssc.xml

Registration Procedures: First Come First Served
Reference: [RFC5698]

Here are the digest algs:

md2      1.2.840.113549.2.2       [RFC3279]
md5      1.2.840.113549.2.5       [RFC3279][RFC4051]
sha-1    1.3.14.3.2.26            [RFC3279][RFC4051]
sha-224  2.16.840.1.101.3.4.2.4   [RFC4055][RFC4051]
sha-256  2.16.840.1.101.3.4.2.1   [RFC4055]
sha-384  2.16.840.1.101.3.4.2.2   [RFC4055][RFC4051]
sha-512  2.16.840.1.101.3.4.2.3   [RFC4055]

I would presume that sha-3-* will be defined in due course.

So there would have to be text to strongly discourage use of sha-1 and very strongly discourage md2 and md5. I don't think we could prohibit use while relying on an extensible registry.

_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec