- From: William A. Rowe, Jr. <wrowe@rowe-clan.net>
- Date: Thu, 10 Aug 2006 09:12:50 -0700
- To: lists@ingostruck.de
- CC: ietf-http-wg@w3.org, adam@estacado.net, scott-http@skrb.org
lists@ingostruck.de wrote:
> Hello Scott, Adam, wg-list,
>
> I just want to give some input to the discussion about
> rfc 2617 and the MD5-sess algorithm described there.

My own concern, if the MD5-sess dialog is reopened, is to account for the complete dismissal of MD5 for any authn/authz security applications and to reopen the spec to extending the nonce to SHA1 / SHA2 semantics. MD5 is already past its prime, and SHA1 is heading that way as well. It would be good to anticipate future hash support by adding anything of SHA2 up to SHA-512 and providing for an extensible description of the negotiated hash employed for this purpose.
Received on Thursday, 10 August 2006 16:13:44 UTC