W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

RE: Last Call: draft-bryan-http-digest-algorithm-values-update (Additional Hash Algorithms for HTTP Instance Digests) to Informational RFC

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Fri, 4 Dec 2009 10:42:21 -0700
To: "ietf@ietf.org" <ietf@ietf.org>
CC: "Anthony Bryan (anthonybryan@gmail.com)" <anthonybryan@gmail.com>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E7234378529364B@P3PW5EX1MB01.EX1.SECURESERVER.NET>
I am supportive of updating *a* registry.

The OAuth working group has an open requirement for standard identifiers to describe hash/digest functions.

What is not clear to me is the relationship of this registry and:

http://www.iana.org/assignments/hash-function-text-names/

which seems to overlap.

I am not sure why we need both, and if we do (because they are protocol specific and required for interoperability), how should a new specification decide which to use or if a new registry is required. For example my uneducated reading of 4572 suggests it is not exactly the same use case as the previous RFCs using that registry.

In addition, using different tokens for the same algorithm across protocols seems like a bad idea (lower case, upper case, SHA vs sha-1).

And since both include MD5... arguments about appropriate hash algorithm to increase security fail.

EHL


> -----Original Message-----
> From: ietf-announce-bounces@ietf.org [mailto:ietf-announce-
> bounces@ietf.org] On Behalf Of The IESG
> Sent: Friday, December 04, 2009 6:44 AM
> To: IETF-Announce
> Subject: Last Call: draft-bryan-http-digest-algorithm-values-update
> (Additional Hash Algorithms for HTTP Instance Digests) to Informational RFC
> 
> The IESG has received a request from an individual submitter to consider the
> following document:
> 
> - 'Additional Hash Algorithms for HTTP Instance Digests '
>    <draft-bryan-http-digest-algorithm-values-update-03.txt> as an
> Informational RFC
> 
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action.  Please send substantive comments to the
> ietf@ietf.org mailing lists by 2010-01-01. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the beginning of
> the Subject line to allow automated sorting.
> 
> The file can be obtained via
> http://www.ietf.org/internet-drafts/draft-bryan-http-digest-algorithm-
> values-update-03.txt
> 
> 
> IESG discussion can be tracked via
> https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=
> 19094&rfc_flag=0
> 
> _______________________________________________
> IETF-Announce mailing list
> IETF-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-announce
Received on Friday, 4 December 2009 17:42:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:14 GMT