Fwd: Re: [Jingle] 'hash' attribute underspecified?

Peter Saint-Andre stpeter at stpeter.im
Thu Apr 14 00:44:07 UTC 2011

BTW, I changed this in an interim version of XEP-0096...



And yes, I just keep adding to the Council's agenda for the next
meeting. Kev's 30-minute rule might be violated. ;-)

-------- Original Message --------
Subject: Re: [Jingle] 'hash' attribute underspecified?
Date: Mon, 16 Aug 2010 17:30:03 -0600
From: Peter Saint-Andre <stpeter at stpeter.im>
Reply-To: XMPP Jingle <jingle at xmpp.org>
To: jingle at xmpp.org

On 6/29/10 10:22 PM, Paul Aurich wrote:
> On 2010-06-29 15:27, Ali Sabil wrote:
>> On Tue, Jun 29, 2010 at 8:50 PM, Paul Aurich <paul at darkrain42.org> wrote:
>>> The hash attribute doesn't seem to be fully specified.  I'm pretty sure
>>> it's (currently) supposed to be a SHA1 hash, but I don't think that's
>>> mentioned anywhere.
>> It is actually mentioned in xep-0096, this is definitely suboptimal,
>> and needs to be fixed. You can find further details here:
>> http://mail.jabber.org/pipermail/techreview/2010-May/000142.html
> Ah, thanks!  As a total aside, it would be awesome if the actual tech
> reviews (as opposed to administrivia) were posted to a mailing list I
> could subscribe to. :)

Yeah, I poked the tech review team about that some time ago...

> Going off what you all said in that, if Jingle FT is using MD5 as the
> hash algorithm (I admit I neglected to count the hash length), I'll
> shout even louder that I think it should be changed to (at least) SHA-1,
> with a mechanism added for hash agility.

In XEP-0096, the 'hash' attribute is the MD5 checksum, and XEP-0234
simply inherits it from XEP-0096. I agree that hardcoding it is bad, I
agree that hardcoding it to MD5 is even worse, and I agree that we need
to fix this in Jingle and ideally (there's that word again!) in XEP-0096
via a revision to that spec.

Hash agility FTW! :)


Peter Saint-Andre
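
An added example, not part of the original thread or of any XEP: a receiver-side check that contrasts the bare 'hash' attribute of XEP-0096 (implicitly MD5) with an algorithm-tagged form that allows hash agility. The `<hash algo='...'>` child element with a hex digest, the preference list, and the sample payload are assumptions made for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

SI_NS = "http://jabber.org/protocol/si/profile/file-transfer"  # XEP-0096 file profile
# Assumed receiver policy, strongest first; MD5 is only a legacy fallback.
PREFERRED = ["sha-256", "sha-1", "md5"]
HASHLIB_NAME = {"sha-256": "sha256", "sha-1": "sha1", "md5": "md5"}
WEAK = {"md5"}

def declared_hashes(file_el):
    """Return {algo: hexdigest} for every hash declared on a <file/> element."""
    found = {}
    # Hypothetical agile form: <hash algo='...'>hex</hash> children.
    for child in file_el.findall(f"{{{SI_NS}}}hash"):
        algo = (child.get("algo") or "").lower()
        if algo in HASHLIB_NAME and child.text:
            found[algo] = child.text.strip().lower()
    # Legacy form: the attribute names no algorithm, so MD5 is implied.
    legacy = file_el.get("hash")
    if legacy and "md5" not in found:
        found["md5"] = legacy.strip().lower()
    return found

def verify(file_xml, data):
    """Check data against the strongest declared hash the receiver supports.

    Returns (ok, algo_used, weak); algo_used is None if nothing usable was sent.
    """
    hashes = declared_hashes(ET.fromstring(file_xml))
    for algo in PREFERRED:
        if algo in hashes:
            digest = hashlib.new(HASHLIB_NAME[algo], data).hexdigest()
            return digest == hashes[algo], algo, algo in WEAK
    return False, None, False

# Constructed sample input (not captured traffic).
PAYLOAD = b"constructed sample payload\n"
MD5_HEX = hashlib.md5(PAYLOAD).hexdigest()
SHA256_HEX = hashlib.sha256(PAYLOAD).hexdigest()
LEGACY = f"<file xmlns='{SI_NS}' name='a.txt' size='{len(PAYLOAD)}' hash='{MD5_HEX}'/>"
AGILE = (f"<file xmlns='{SI_NS}' name='a.txt' size='{len(PAYLOAD)}' hash='{MD5_HEX}'>"
         f"<hash algo='sha-256'>{SHA256_HEX}</hash></file>")

if __name__ == "__main__":
    print(verify(LEGACY, PAYLOAD))  # falls back to MD5 and flags it weak
    print(verify(AGILE, PAYLOAD))   # prefers the tagged SHA-256 digest
```

The `weak` flag lets a client warn or refuse when only the legacy MD5 value is offered, which the untagged attribute alone cannot express.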

