[Standards-JIG] [Fwd: Re: [Council] meeting agenda, 2006-04-11 - Dialback Key Generation and Validation]

Peter Saint-Andre stpeter at jabber.org
Wed Apr 12 16:30:21 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Philipp Hancke wrote:
> Matthias wrote:
>> I cannot write to the list, so I write to you: Why not using
>> HMAC-SHA256 instead of defining an own way of how to incorporate
>> a key into the hashing. HMAC-* also fixes all the problems Ian
>> mentions below.
> Yes. I already discussed that with Ian and will update the examples
> accordingly.
> 
> Ian suggested that for the sake of cross-product compability (e.g. a
> screening dialback proxy) the JEP should recommend a specific algorithm.
> Cross-application compability is indeed desirable, but it would probably
> require more than a 'recommendation', which may not be possible in an
> informational JEP.

For now we are going to treat JEPs 0175, 0178, 0185 (and perhaps others)
as the "testing ground" for text that will eventually go into
rfc3920bis. In this week's Jabber Council meeting we decided that it
would be helpful to publish and continue revising these JEPs so that
people have specs to refer to before the new RFCs are published (which
could be quite a while even though I have started to work on rfc3920bis
in a preliminary way). Once rfc3920bis is approved and/or published we
will deprecate the relevant JEPs and point people to the new RFC.

> Assuming that a description of the key generation method is missing from
> rfc3920 because of IETF security requirements:

I think we did not recommend a key generation method because we were not
as sophisticated back then.

> Is is approriate to recommend HMAC-SHA256 (or -212?) in RFC 3920bis and
> describe the key generation and validation accordingly?

Right now I don't see a strong reason not to recommend a specific
algorithm, and re-using an existing algorithm (rather than inventing a
new one) seems like a good idea.

Peter

- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEPSsdNF1RSzyt3NURAgSIAKDo106zh8ypn8x+XJeabvwpHZhM1ACfc1kH
/lr0tU7g5y8XQ16M6JQJ7os=
=tqcE
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20060412/51d64405/attachment.bin>


More information about the Standards mailing list