On 1/20/12 1:08 PM, Murray S. Kucherawy wrote:
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Steve
Atkins
Sent: Friday, January 20, 2012 11:05 AM
To: Message Abuse Report Format working group
Subject: Re: [marf] DISCUSS on draft-ietf-marf-redaction-04
I think that would improve it in general, as well as avoiding some of
the supposed security concerns.
Pete, do you think this approach would fly?
Sorry for not getting back to you earlier; tied up in meetings all
afternoon. But you did hear back from Stephen: This would address his
concerns. This way, you're not saying that H is a good idea for
redaction without explaining the limited meaning of "redaction" that
this document anticipates. I would like to see a "MAY" appear somewhere
in section 3 of your proposed text to indicate that the choice of
algorithm is a protocol option. (E.g., "An implementation MAY choose one
of ROT13, CRC32, MD5, H, HMAC, or any transformation that has a
reasonably low likelihood of collision...blah...blah...blah..."). And I
think you're likely to need references for the example algorithms you do
give, and maybe a a quick line about the features of each, (e.g., "ROT13
(manually invertible, but visually obscure), CRC32 (invertible by code,
but not simply by a human), ..."). But I think this is perfectly reasonable.
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
