Valid hash algorithms for X.509 certificates

David Marín Carreño davefx at
Wed Dec 31 02:13:10 CET 2008

Related with the MD5 issue, if I am not wrong, currently the only
interoperable hash algorithm for use with X.509 algorithms is SHA-1.

However, in the document [0] it is said that SHA-1 will probably
follow the same fate in a not very long time.

SHA-2 is currently allowed in standard X.509 certificates according to
RFC 4055, but only if RSASSA-PSS is used (at least, I understand it
that way).
Also, a new document "Internet X.509 Public Key Infrastructure:
Additional Algorithms and Identifiers for DSA and ECDSA"[1] is under
development, that includes SHA-2 hashing only when the certificate
uses DSA or ECDSA...

Does anyone know if the IETF is preparing a revision or update to RFC
3279 for deprecating (officially) MD2 and MD5 and including SHA-2 (or
other algorithms) as a proposed "standard" for all kinds of public


David Marín Carreño

More information about the Gnutls-devel mailing list