acertmgr icon indicating copy to clipboard operation
acertmgr copied to clipboard
verified publisher icon moepman

RFC 6960 updates OCSP validation algorithm to SHA256

Open Sprinterfreak opened this issue 2 years ago • 1 comments

cryptography.io states

SHA256 is in this example because while RFC 5019 originally required SHA1 RFC 6960 updates that to SHA256. However, depending on your requirements you may need to use SHA1 for compatibility reasons.

Is there any reason, why we still default to sha1?

Quick tests with validate_ocsp: 'sha256' did not indicate any issues for me so far.

Sprinterfreak avatar Jul 01 '23 13:07 Sprinterfreak

The reason is simple: The OCSP request spec is still based on RFC5019 and RFC6950 does not obsolete or update that (see https://datatracker.ietf.org/doc/html/rfc6960).

RFC5019 explicitly states that "Clients MUST use SHA1 as the hashing algorithm for the CertID.issuerNameHash and the CertID.issuerKeyHash values." (see https://datatracker.ietf.org/doc/html/rfc5019#section-2.1.1) and thats where the default comes from.

RFC6960 only states that an OCSP client has to be capable of processing responses signed with sha256 and should be able to process sha1 as well (see https://datatracker.ietf.org/doc/html/rfc6960#section-4.3). So IHMO the information on cryptography.io might just be a misunderstanding?

Anyway as long as RFC5019 is the leading standard there is no reason to update this default and cause potential breakage or problems.

Kishi85 avatar Jul 12 '23 13:07 Kishi85