On 17/Jan/12 01:42, Steve Atkins wrote:
> On Jan 16, 2012, at 3:44 PM, Murray S. Kucherawy wrote:
>>
>> b) Add even more explanatory text so that the reader has it clear
>> that we are not attempting to completely secure something here,
>> and acknowledge fully that there are weaknesses in our algorithm.
>> (The Wikipedia page for HMAC gives a pretty good description of
>> the comparison and attacks.)

I see no reason why HMAC wouldn't be an acceptable choice. However, I'd like the phrase "steel lock on a cardboard box" to be part of any paragraph (of that I-D) where "HMAC" will appear. It should be clarified that the algorithm is somewhat unimportant, as long as it's (almost) 1:1. ROT13, using the (hashed) record number, or slightly truncating base64 strings (any padding "=" in particular) are alternatives that could be mentioned in order to convey that idea.

> 1. ROT13
> 2. Suffix with a semicolon
>
> That way "[email protected]" would translate to "fgrir;@blighty.com"
>
> That makes the email address illegal, so it cannot be mailed
> accidentally, and also means it can't be unthinkingly copied and
> pasted into a message (or made usefully clickable by a zealous MUA
> or...).

+1 for the semicolon, cute way to mark diligent 1:1 redaction!
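
The two redaction styles discussed in this thread, side by side, as an added example that is not part of the original messages or of the draft. The function names, the sample addresses and the key are constructed, and the HMAC variant (HMAC-SHA256 over the local-part, base64url with the "=" padding dropped) is an assumption about one way to do it.

```python
import base64
import codecs
import hashlib
import hmac

def _split(address):
    """Split at the last '@'; reject strings with no local-part."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local:
        raise ValueError(f"not an address: {address!r}")
    return local, domain

def redact_rot13(address):
    """ROT13 the local-part, then suffix ';' so the result is not a mailable address."""
    local, domain = _split(address)
    return codecs.encode(local, "rot13") + ";@" + domain

def unredact_rot13(redacted):
    """Undo redact_rot13. No key is involved, so any reader can do this."""
    local, domain = _split(redacted)
    if not local.endswith(";"):
        raise ValueError(f"missing ';' marker: {redacted!r}")
    return codecs.encode(local[:-1], "rot13") + "@" + domain

def redact_hmac(address, key):
    """Keyed variant: the token is stable per key, but only the key holder can link it."""
    local, domain = _split(address)
    digest = hmac.new(key, local.encode("utf-8"), hashlib.sha256).digest()
    token = base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")
    return token + "@" + domain

def is_one_to_one(redact, addresses):
    """True if equal inputs give equal tokens and distinct inputs give distinct tokens."""
    mapping = {a: redact(a) for a in addresses}
    stable = all(redact(a) == r for a, r in mapping.items())
    return stable and len(set(mapping.values())) == len(mapping)

# Constructed sample data; the repeated address stands for a repeat report.
SAMPLES = ["alice@example.com", "bob@example.com", "alice@example.com"]
KEY = b"constructed-demo-key"  # constructed; a real key would be random and kept private

if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, "->", redact_rot13(addr), "|", redact_hmac(addr, KEY))
    print("rot13 reversible:", unredact_rot13(redact_rot13(SAMPLES[0])) == SAMPLES[0])
```

Both functions keep the 1:1 property a report recipient needs to correlate repeated reports about the same mailbox; they differ only in who can get back to the original address.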
