The current revision of the IETF draft misses some limitations metalink should impose on hashes (either <hash> or <piece>).
As discussed before md2 and md5 are considered broken. Hence we discussed only allowing sha1 or "better", namely the sha2 family and maybe whirlpool and tigerhash. The current draft, however, specifies: "The IANA registry named "Hash Function Textual Names" defines values for hash types." Said registry[1] currently defines: > Hash Function Name OID Reference > --------------------- ---------------------------- --------- > "md2" 1.2.840.113549.2.2 [RFC3279] > "md5" 1.2.840.113549.2.5 [RFC3279] > "sha-1" 1.3.14.3.2.26 [RFC3279] > "sha-224" 2.16.840.1.101.3.4.2.4 [RFC4055] > "sha-256" 2.16.840.1.101.3.4.2.1 [RFC4055] > "sha-384" 2.16.840.1.101.3.4.2.2 [RFC4055] > "sha-512" 2.16.840.1.101.3.4.2.3 [RFC4055] So md2 and md5 are allowed according to the spec? While tigerhash and whirlpool are not? And what about the recommendation/requirement to at least support sha-1? There is no such thing in the draft. Cheers Nils [1] http://www.iana.org/assignments/hash-function-text-names/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Metalink Discussion" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/metalink-discussion?hl=en -~----------~----~----~----~------~----~------~--~---
