[standards-jig] Security problems with JEP-115

Jacek Konieczny jajcus at bnet.pl
Fri Sep 19 06:47:19 UTC 2003


On Thu, Sep 18, 2003 at 05:46:36PM +0200, Jacek Konieczny wrote:
> My
> proposal is to use some kind of digest of namespaces supported. Let it
> be the first 3 bytes (written hexadecimaly) of MD5 sum of namespaces in

Forget all I have written about this. This is completely stupid idea 
- 3 bytes hash makes no security. When thinking first about this I
assumed there is limited set of allowed namespaces, but this is, of
course, not true.

Full MD5 sum would be too much when several "bundles" are announced. So
this was not a good way to go neither :-(

Greets,
        Jacek



More information about the Standards mailing list