Joe Hildebrand schrieb:
3b. If we specify an MTI algorithm, do we specify MD5 or SHA-1 or
something else?
Frankly, I don't care. MD5 is smaller, and probably more secure, but
has marketing issues, particularly with a vocal minority on this list.
We all have SHA-1 implementations for other things.
Maybe I misunderstood the new hash logic. Does it matter at all which
hashing we use? I thought we use the resulting hash only for the disco
cache and don't verify anything.
Most client and library implementations have both hashing algorithms
already implemented for SASL.
> Flip a coin, for all I care.
My coin has SHA-1 on both sides :). I prefer it because its used at many
other places as well. But I'm also fine with MD-5. As i said before, I
don't see the reason why the hash algorithm matters.
Alex
