[Council] Fwd: Re: [Jingle] 'hash' attribute underspecified?

Peter Saint-Andre stpeter at stpeter.im
Thu Apr 14 00:44:07 UTC 2011


BTW, I changed this in an interim version of XEP-0096...

http://xmpp.org/extensions/tmp/xep-0096-1.2.html

http://xmpp.org/extensions/diff/api/xep/0096/diff/1.1/vs/1.2rc1

And yes, I just keep adding to the Council's agenda for the next
meeting. Kev's 30-minute rule might be violated. ;-)

-------- Original Message --------
Subject: Re: [Jingle] 'hash' attribute underspecified?
Date: Mon, 16 Aug 2010 17:30:03 -0600
From: Peter Saint-Andre <stpeter at stpeter.im>
Reply-To: XMPP Jingle <jingle at xmpp.org>
To: jingle at xmpp.org

On 6/29/10 10:22 PM, Paul Aurich wrote:
> On 2010-06-29 15:27, Ali Sabil wrote:
>> On Tue, Jun 29, 2010 at 8:50 PM, Paul Aurich <paul at darkrain42.org> wrote:
>>> The hash attribute doesn't seem to be fully specified.  I'm pretty sure
>>> it's (currently) supposed to be a SHA1 hash, but I don't think that's
>>> mentioned anywhere.
>>>
>>
>> It is actually mentioned in xep-0096, this is definitely suboptimal,
>> and need to be fixed. You can find further details here:
>> http://mail.jabber.org/pipermail/techreview/2010-May/000142.html
> 
> Ah, thanks!  As a total aside, it would be awesome if the actual tech
> reviews (as opposed to administrivia) were posted to a mailing list I
> could subscribe to. :)

Yeah, I poked the tech review team about that some time ago...

> Going off what you all said in that, if Jingle FT is using MD5 as the
> hash algorithm (I admit I neglected to count the hash length), I'll
> shout even louder that I think it should be changed to (at least) SHA-1,
> with a mechanism added for hash agility.

In XEP-0096, the 'hash' attribute is the MD5 checksum, and XEP-0234
simply inherits it from XEP-0096. I agree that hardcoding it is bad, I
agree that hardcoding it to MD5 is even worse, and I agree that we need
to fix this in Jingle and ideally (there's that word again!) in XEP-0096
via a revision to that spec.

Hash agility FTW! :)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/council/attachments/20110413/aa471e6f/attachment-0001.bin>


More information about the Council mailing list