[Standards] Proposed XMPP Extension: Jingle File Transfer Description Format

Peter Saint-Andre stpeter at jabber.org
Wed Feb 7 16:02:55 UTC 2007


Nick Parker wrote:
> Should hashes other than MD5 be supported? While it is plenty for 
> checking for corruption, I keep e-hearing about how MD5 is gradually 
> approaching becoming compromised (which would be important if, say, you 
> were worried about someone hijacking a file-send and sending fake files 
> with matching hashes).
> 
> I (tentatively) included support for multiple hash types (SHA512, SHA1, 
> MD5, CRC32) to describe files in my own XEP (see 
> http://www.xmpp.org/extensions/inbox/fileshare.html), should I have 
> instead stuck with MD5-only? At the time, I had figured that support for 
> multiple hashes would be a good trade off between ease of implementation 
> and support for multiple contexts (as far as desired security).

I kept the format exactly the same as what's in XEP-0096 for the sake of 
code re-use in our little bootstrapping process here, but I'm not wedded 
to what's in XEP-0096 -- naturally we can change it around to make it 
better. And it would be nice to sync up with the format used for Google 
Talk file transfer (I chatted with Sean Egan about that late yesterday).

/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070207/9dea5d91/attachment.bin>


More information about the Standards mailing list