For TLS-based EAP purposes, I feel we should all be using certificates with SHA-2 family signature algorithms now, the best choice probably being SHA-256, as Microsoft, Google and Mozilla are actively deprecating SHA-1. Even though this is mostly in the context of the secure Web, is it not likely that we will see operating systems being hostile to certificates with a SHA-1 signature algorithm going forward, as it is today with certificates that use MD5? http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.as... http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.... https://wiki.mozilla.org/CA:Problematic_Practices#SHA-1_Certificates On Tue, Oct 7, 2014 at 1:19 PM, Alan DeKok <aland@deployingradius.com> wrote:
When I create certificates, I use "conservative" values. RSA, 2048 bit keys, SHA, etc. That works everywhere.