Closed TimGoodwill closed 3 years ago
Current sentence states:
ALL certificates must be SHA256 with minimum key length of 2048.
Would it be better to rephrase it as:
ALL certificates must be from SHA-2 (Secure Hash Algorithm 2) cryptographic hash functions with minimum key length of 2048.
Mandating SHA256 is not a good idea. Some federal agencies mandate SHA512 for external-facing certificates, and the requirement will evolve. SHA-512 is actually faster on 64-bit processors.