[Standards] [Fwd: [Council] meeting minutes, 2007-11-21]

Boyd Fletcher boyd.fletcher at je.jfcom.mil
Wed Nov 21 23:34:40 UTC 2007


SHA-1 is no longer cryptographically sound. We should be using the SHA-2
class of hashes and probably set SHA-256 as the minimum.


boyd



On 11/21/07 6:22 PM, "Joe Hildebrand" <hildjj at gmail.com> wrote:

> On Nov 21, 2007, at 1:12 PM, Peter Saint-Andre wrote:
>> > 14. XEP-0115: Entity Capabilities
>> >
>> > Dave objected to removal of hash attribute and hardcoding to SHA-1,
>> > since that is not future-proof. Peter agreed that this needs to be
>> > included.
> 
> 
> Are we realistically *ever* going to define a new hash algorithm?
> Imagine the breakage that would ensue.
> 
> This reminds me, though, that if we don't specify hash, the v
> attribute cannot be optional for new caps; otherwise receivers won't
> know whether this is an old or new caps declaration.
> 
> --
> Joe Hildebrand
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20071121/7b673fdf/attachment.html>


More information about the Standards mailing list