On Thu, Jan 09, 2014 at 07:26:51PM -0500, Paul Wouters wrote:

> SHA2-224 would have my preference, as SHA1 is on its way out FIPS-wise
> and it is just easing not having to maintain SHA1 exceptions to the
> "disallow sha1" code paths.

I can live with HMAC SHA2-224.

> I think I'm fine with using sha2-224, if it saves us the hassle of doing
> label splitting. But still a little worried about hashing various
> character sets.

Email addresses are still (multiple failed[*] attempts at SMTP + UTF-8
addresses notwithstanding) US-ASCII strings.  One can canonicalize
these via the identity map to UTF-8 if one wants to pretend otherwise.

-- 
        Viktor.

[*] RFCs that nobody implements do not count as success.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
