Configuration of deprecated functions, algorithms and parameters

[GoogleCodeExporter]

For validation of long term signatures, xades4j needs to know when specific 
hash functions, algorithms and algorithm parameters are considered insecure.

For example, signature based on a certificate with MD5 based signature, created 
in 1995 and timestamped with 1024 bit RSAwithSHA with 20 year validity would be 
still considered valid right now (even without use of XAdES-X-L or XAdES-A).

Similarly, a signature with 512 bit RSAwithSHA made in 1995 with valid 
Timestamp would still be considered valid right now.

In the future we will need similar information about SHA-1 and 1024bit RSA. 
Depending on threat model, they may be considered insecure now.

This creates a requirement of configuration file containing information 
defining which hash functions, general algorithms or algorithms with specific 
parameters were secure up to which date.
I suggest use of a configuration file because people are more likely to update 
configuration files than code in legacy applications.

I don't know of any ready-to-use standards of such files.

Related: issue 18.

Original issue reported on code.google.com by [email protected] on 25 Sep 2012 at 12:40

[GoogleCodeExporter]

This problem is referenced in last item of list in section 4.6 of Standard 
(v.1.4.2)

Original comment by [email protected] on 28 Sep 2012 at 12:16