[Standards] [Fwd: [Council] meeting minutes, 2007-11-21]
boyd.fletcher at je.jfcom.mil
Wed Nov 21 23:34:40 UTC 2007
SHA-1 is no longer cryptographically sound. We should be using the SHA-2
class of hashes and probably set SHA-256 as the minimum.
On 11/21/07 6:22 PM, "Joe Hildebrand" <hildjj at gmail.com> wrote:
> On Nov 21, 2007, at 1:12 PM, Peter Saint-Andre wrote:
>> > 14. XEP-0115: Entity Capabilities
>> > Dave objected to removal of hash attribute and hardcoding to SHA-1,
>> > since that is not future-proof. Peter agreed that this needs to be
>> > included.
> Are we realistically *ever* going to define a new hash algorithm?
> Imagine the breakage that would ensue.
> This reminds me, though, that if we don't specify hash, the v
> attribute cannot be optional for new caps; otherwise receivers won't
> know whether this is an old or new caps declaration.
> Joe Hildebrand
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards