Fine. Let's use SHA-256 then, as long as you explain to the Navy guys
why every presence change is 16 bytes bigger. I don't care what the
algorithm is. Let's just pick one and stick with it.
As an aside (not meant to derail the process, because, again, I don't
care what the algorithm is), I don't agree that SHA-1 is unsound for
this use. It would mean that someone was able to pick plaintext that
had a given hash, but still made sense as valid XML. The chances of
that still seem... remote.
On Nov 21, 2007, at 4:34 PM, Boyd Fletcher wrote:
SHA-1 is no longer cryptographically sound. We should be using the
SHA-2
class of hashes and probably set SHA-256 as the minimum.
boyd
On 11/21/07 6:22 PM, "Joe Hildebrand" <[EMAIL PROTECTED]> wrote:
On Nov 21, 2007, at 1:12 PM, Peter Saint-Andre wrote:
14. XEP-0115: Entity Capabilities
Dave objected to removal of hash attribute and hardcoding to SHA-1,
since that is not future-proof. Peter agreed that this needs to be
included.
Are we realistically *ever* going to define a new hash algorithm?
Imagine the breakage that would ensue.
This reminds me, though, that if we don't specify hash, the v
attribute cannot be optional for new caps; otherwise receivers won't
know whether this is an old or new caps declaration.
--
Joe Hildebrand
--
Joe Hildebrand
