[Standards] [Fwd: [Council] meeting minutes, 2007-11-21]
Boyd Fletcher
boyd.fletcher at je.jfcom.mil
Wed Nov 21 17:34:40 CST 2007
SHA-1 is no longer cryptographically sound. We should be using the SHA-2
class of hashes and probably set SHA-256 as the minimum.
boyd
On 11/21/07 6:22 PM, "Joe Hildebrand" <hildjj at gmail.com> wrote:
> On Nov 21, 2007, at 1:12 PM, Peter Saint-Andre wrote:
>> > 14. XEP-0115: Entity Capabilities
>> >
>> > Dave objected to removal of hash attribute and hardcoding to SHA-1,
>> > since that is not future-proof. Peter agreed that this needs to be
>> > included.
>
>
> Are we realistically *ever* going to define a new hash algorithm?
> Imagine the breakage that would ensue.
>
> This reminds me, though, that if we don't specify hash, the v
> attribute cannot be optional for new caps; otherwise receivers won't
> know whether this is an old or new caps declaration.
>
> --
> Joe Hildebrand
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/standards/attachments/20071121/7b673fdf/attachment.htm
More information about the Standards
mailing list