On Wed, Feb 22, 2006 at 03:42:41PM -0800, Ned Freed allegedly wrote: > > The only question facing us is whether we jump straight to SHA-256 > > now, or allow both. Jumping is cryptographically wiser as it gets us > > off the weak hash. Allowing both is engineeringly wiser as it forces > > us to be agile now. Neither is a bad choice, sadly. If one were a bad > > choice, then it would be easy. As things sit, we have a hard choice, > > and no matter what we do, people will look back with the wisdom of > > hindsight and cluck their tongues sadly about how stupid we were and > > how *clearly* it would have been better to do the other thing. > > Very nicely put. I completely agree. It should be obvious that I'm in the > "might as well get agility correct now" camp, no doubt because I'm an > implementor first and I've been bitten too many times by bad code and bad > assumptions built into code. But the SHA-256 only position definitely > has merit too.
Me three. As a long-time implementor I suck at getting un-exercised code right. I'd much prefer agility to be essential to a day one deployment, as it'll otherwise never work. Mark. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html