> Basically, the usual concerns about a collision attack don't apply to this > use of hashes since the same party that produces the hashes also consumes > them.
Right. A spec like this needs to define the parameters needed to interoperate, and the hash isn't one of them. Also, anyone who spends five seconds thinking about the threat model should realize that people will reverse engineer the hashed names by using other info about the messages to figure out what message was sent to whom, and anything that isn't trivially reversible (sorry, rot13) is adequate. >1) Is that a reasonable reply? Yes. >2) Should the above be added as an Appendix? Don't see why. Perhaps we could do a separate BCP called something like "Excessive preoccupation with low level technical nits considered harmful." R's, John _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
