What do we do with our SHA References? (Was: What do we do with our CMS References?) from Joseph Reagle on 2002-04-29 (xml-encryption@w3.org from April 2002)

From: Joseph Reagle <reagle@w3.org>
Date: Mon, 29 Apr 2002 16:21:48 -0400
To: aleksey@aleksey.com
Cc: Donald Eastlake 3rd <dee3@torque.pothole.com>, xml-encryption@w3.org
Message-Id: <20020429202149.668D8294@policy.w3.org>

On Monday 29 April 2002 12:46, Aleksey Sanin wrote:
> Yes, it is correct now. Probably the wrong version was cached by my
> browser. I also think that it's a good idea to note that SHA2 algorithms
> (SHA256/SHA512)
> are also in the "draft" stage.

Presently the reference says:

SHA 
Secure Hash Standard. NIST FIPS 180-1. April 1995. 
http://www.itl.nist.gov/fipspubs/fip180-1.htm 
 (Being extended to cover SHA-256 and SHA-512. See Draft FIPS 180-2.) 
 (http://csrc.nist.gov/encryption/shs/dfips-180-2.pdf 

Should we break this apart in to a SHA1 and SHA2 reference? Don, I think 
the "being extended" is your text, though I'm not sure what it means and 
I'm not that familiar with FIPSs. Will they still consider it the same 
standard, or FIPS 180-2 is a distinct specification (that supercede 180-1, 
but 180-1 can still be referenced)?

Also, in the CMS references, for the text we rely upon we include in-line 
in our spec, so we are protected from changes to those specifications. 
However, we don't do that for SHA2 -- and I wouldn't want to. Do folks know 
what the plans are for that spec? Is it likely to change at all?

Received on Monday, 29 April 2002 16:40:03 UTC