Hi, In the base-13 draft section 10.1, it mandates the support of SHA1 and SHA256 self-signed digest for generating NodeId. However, in the same section, it also defines the "node-id-length" to be no more than 160 bits (SHA1). This means if SHA256 is used, the NodeId will be truncated to 160 bit or less.
Why mandate a crippled SHA256 that offers no added strength than SHA1? Consider removing it altogether. If 128-bit is good enough for NodeId, then 160-bit good enough for self-signed certs. I would also recommend adding language of "recommending" the use of SHA1 for all signer-id-hash in signature for the same reason. It's another topic. Thanks --Michael _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
