With regards to XEP-0189, I should have been much more explicit the first time around. It is Deferred, and has been so for a very long time; it means no one is working on it, and no one cares enough about it to put in the work to advance it to Draft. It is essentially dead, as dead as any specification can truly be. Any further discussion on the merits or deficiencies of XEP-0189 is pointless (unless you're willing to take on its authorship).

Speaking much more generically, there is a desire to be able to use SHA-2 wherever possible. SHA-1 is still necessary to meet the widest possible interoperability on the general Internet, but there are isolated deployments where further restriction is wanted/needed.

There is some desire to make public keys available over XMPP via [PUBSUB] and [PEP], but no one has yet put in the work to do that. At this point, that effort (if/when it starts up again) is extremely likely to use something that already exists, which is possibly based on JOSE.

As the above generalities apply to JOSE, I think that means:

* it would be nice to have a way to do everything with just SHA-2
* any fingerprinting ought to support SHA-2, but cannot prohibit SHA-1

--
- m&m

Matt Miller <[email protected]>
Cisco Systems, Inc.

[PUBSUB] XEP-0060: Publish-Subscribe <http://xmpp.org/extensions/xep-0060.html>
[PEP] XEP-0163: Personal Eventing Protocol <http://xmpp.org/extensions/xep-0163.html>

On 5/27/14, 12:27 PM, John Bradley wrote:
> Matt,
>
> Do people want an explicit way to send a SHA256 hash of a DER encoded cert in JWS/JWE?
>
> The XMPP spec being pointed to is talking about a print or keyprint that is a SHA256 of the XML character data of the <key/> element.
>
> The key element seems to be a XML encoded Modulus, Exponent and other stuff.
>
> Is this part of the XMPP spec stable enough to have its quite custom notion of encoded public keys included in JOSE?
>
> I would personally like to see the XMPP spec create the element and register it, similarly to the way we did it for JWKS thumbprint.
> https://self-issued.info/docs/draft-jones-jose-jwk-thumbprint-00.html
>
> If it were just using SHA256 vs SHA1 that might be a different case, but it seems that what is being hashed is quite different from the current thumbprint.
>
> John B.
>
> On May 27, 2014, at 11:00 AM, Matt Miller <[email protected]> wrote:
>
> /me dons "XMPP Expert" Hat
>
> There is some desire to use SHA2 but no strong requirement. As far as algorithm requirements go, look to [XMPP-TLS], [XEP-0300], and [XEP-0320] for the results of the community's more current discussions.
>
>
>>
>> _______________________________________________
>> jose mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/jose
