NEWS about specifying trustchain HASH algorithm requirements

author Martin Willi <martin@revosec.ch>

Tue, 12 Jun 2012 12:43:55 +0000 (14:43 +0200)

committer Martin Willi <martin@revosec.ch>

Tue, 12 Jun 2012 13:01:39 +0000 (15:01 +0200)
author Martin Willi <martin@revosec.ch>
Tue, 12 Jun 2012 12:43:55 +0000 (14:43 +0200)
committer Martin Willi <martin@revosec.ch>
Tue, 12 Jun 2012 13:01:39 +0000 (15:01 +0200)
diff --git a/NEWS b/NEWS

index b7d1104..45f7de8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,13 @@ strongswan-5.0.0
  - Source routes are reinstalled if interfaces are reactivated or IP addresses
    reappear.
  
+- In addition to trustchain key strength definitions for different public key
+  systems, the rightauth option now takes a list of signature hash algorithms
+  considered save for trustchain validation. For example, the setting
+  rightauth=rsa-2048-ecdsa-256-sha256-sha384-sha512 requires a trustchain
+  that uses at least RSA-2048 or ECDSA-256 keys and certificate signatures
+  using SHA-256 or better.
+
  
  strongswan-4.6.4
  ----------------
author	Martin Willi <martin@revosec.ch>
	Tue, 12 Jun 2012 12:43:55 +0000 (14:43 +0200)
committer	Martin Willi <martin@revosec.ch>
	Tue, 12 Jun 2012 13:01:39 +0000 (15:01 +0200)