[Standards] Hash algorithms (Bits of Binary / Jingle FT)
dave at cridland.net
Tue Jun 29 20:27:17 UTC 2010
On Tue Jun 29 21:12:46 2010, Paul Aurich wrote:
> A few comments about hash algorithms (basing off my reading the
> FT spec  just now and a discussion the Pidgin devs had a few
> ago, which I don't think was brought up in the XMPP community,
> though I
> might have missed it).
> 1) Are there canonical text representations of hash algorithm names
> place? i.e. other than it being the one described in the Bits of
>  spec, how do I know that I should use 'sha1' instead of 'sha-1'?
> Even worse, I just checked Entity Capabilities  and it uses
> as the name of the algorithm!!! :(
There's an IANA registry, which we've generally used in recent
Slightly awkwardly, this relates to X.509 defined hashes, so would be
tricky to update, but an IETF standards action could probably change
that if needs be. (And would have support, I think).
> 5) Should the XSF adopt hash-function recommendations and standards
> all future specs? I'm thinking standardized names (*cough* #1
> as well as MTI recommendations (perhaps choosing SHA-256, as NIST
> recommends ).
There's several uses for hash algorithms - some use-cases demand that
a preimage attack be impossible, some don't, for example. The safest
option for us is to pick a single algorithm - this also has the
advantage of simplifying implementation requirements.
I've said before in IETF-land that a single spec of "this is the sane
MTI security algorithm" would be useful. Perhaps the XSF could show
them how it's done.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Standards