[Standards] hash agility in file transfer

Glenn Maynard glenn at zewt.org
Wed Jun 1 23:00:12 UTC 2011


On Wed, Jun 1, 2011 at 6:26 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> Last year we had some discussions about hash agility in file transfer,
> as a result of which I made an interim version of XEP-0096:
>
> http://xmpp.org/extensions/diff/api/xep/0096/diff/1.1/vs/1.2rc1
>
> However, it seems that the XMPP Council never considered publication of
> that version. Do folks on the list think we need to do anything more
> than what's at that diff?
>
> (And yes, we might need to look at hash agility in other extensions,
> too, but we started with file transfer...)

"Checksum" isn't synonymous with "hash"; a checksum is a particular,
weak hash algorithm.  I'd remove it and only say "hash".

How do you know what hash algorithms are supported by the peer?  This
should be discoverable.

A more flexible method would be:

<hash algorithm="sha-1">a04daec31d4ebd0b804433f5998ee8366055ab8b</hash>
<hash>8ef106170109bc40fdeef1a64eff5262</hash> (algorithm defaults to MD5)

This ties the algorithm with what it's describing, and allows
including multiple hashes.

For specified hashes, the contents of <hash> should be specified; for
MD5 and SHA-1, it's the hex representation of the digest.  (This might
not be the case for all hashes.)

It should be specified explicitly that the hash is of the complete
file, even when only a range is being offered.

-- 
Glenn Maynard



More information about the Standards mailing list