On Mon, Oct 3, 2011 at 11:22 PM, Manger, James H <[email protected]> wrote:
>> di:sha-128:B_K97zTtFuOhug27fke4_Q?enc=aes-cbc:Fw3x20nEKfq6FDGzq7ttIQ
>
> Instead of defining new names for truncated digests, why not simply include a
> truncated digest with the existing algorithm name? You can determine the
> truncation (in bytes) from the length of the base64url-encoding so there is
> no ambiguity.
>
> di:sha-256:B_K97zTtFuOhug27fke4_Q
>
> The only downside I see is the risk of bad implementations accepting a digest
> truncated to, say, 1 byte (eg di:sha-256:Bw) instead of enforcing a minimum
> security level.

That is a risk that has been realized for HMACs in certain circumstances. A
caveat is probably sufficient.

--
Website: http://hallambaker.com/
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
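
Added example (not part of the original message, and not code from any draft or
implementation): a Python check for the di:sha-256:<digest> form discussed above
that derives the truncation from the base64url length and rejects digests below
a minimum. The 16-byte floor, the function names, and the assumption that a
truncated digest is the leading bytes of the full digest are illustrative
choices, not taken from the thread.

```python
import base64
import hashlib
import hmac
import re

# Assumed policy (not from the thread): shortest truncation a verifier accepts.
MIN_DIGEST_BYTES = 16
ALGORITHMS = {"sha-256": hashlib.sha256}  # URI algorithm name -> constructor


def parse_di(uri):
    """Split di:<alg>:<base64url digest>[?query] into (alg, digest bytes)."""
    scheme, alg, rest = uri.split(":", 2)  # ValueError if a part is missing
    if scheme != "di" or alg not in ALGORITHMS:
        raise ValueError("unsupported scheme or algorithm: %r" % uri)
    b64 = rest.split("?", 1)[0]  # ignore any ?enc=... parameters
    if not re.fullmatch(r"[A-Za-z0-9_-]+", b64):
        raise ValueError("digest is not unpadded base64url")
    # The URI form drops '=' padding; restore it so the decoder accepts it.
    return alg, base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def verify(uri, content, min_bytes=MIN_DIGEST_BYTES):
    """True only if content hashes to the (possibly truncated) digest in uri."""
    alg, claimed = parse_di(uri)
    full = ALGORITHMS[alg](content).digest()
    # The truncation is implied by the encoded length, so the length check is
    # the only thing standing between di:sha-256:Bw and a 1-in-256 match.
    if not min_bytes <= len(claimed) <= len(full):
        raise ValueError("digest of %d bytes outside %d..%d"
                         % (len(claimed), min_bytes, len(full)))
    # Assumption: a truncated digest is the leading bytes of the full digest.
    return hmac.compare_digest(claimed, full[:len(claimed)])


def make_di(content, nbytes, alg="sha-256"):
    """Build a di: URI carrying the first nbytes of the digest of content."""
    digest = ALGORITHMS[alg](content).digest()[:nbytes]
    text = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return "di:%s:%s" % (alg, text)


if __name__ == "__main__":
    sample = b"constructed sample content"
    print(verify(make_di(sample, 16), sample))   # 128-bit truncation
    try:
        verify("di:sha-256:Bw", sample)          # 1-byte digest from the thread
    except ValueError as err:
        print("rejected:", err)
```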
