On Mon, Dec 1, 2008 at 5:51 AM, Nils <[EMAIL PROTECTED]> wrote: > > The current revision of the IETF draft misses some limitations > metalink should impose on hashes (either <hash> or <piece>). > > As discussed before md2 and md5 are considered broken. Hence we > discussed only allowing sha1 or "better", namely the sha2 family and > maybe whirlpool and tigerhash. > > The current draft, however, specifies: > "The IANA registry named "Hash Function Textual Names" defines values > for hash types." > Said registry[1] currently defines: >> Hash Function Name OID Reference >> --------------------- ---------------------------- --------- >> "md2" 1.2.840.113549.2.2 [RFC3279] >> "md5" 1.2.840.113549.2.5 [RFC3279] >> "sha-1" 1.3.14.3.2.26 [RFC3279] >> "sha-224" 2.16.840.1.101.3.4.2.4 [RFC4055] >> "sha-256" 2.16.840.1.101.3.4.2.1 [RFC4055] >> "sha-384" 2.16.840.1.101.3.4.2.2 [RFC4055] >> "sha-512" 2.16.840.1.101.3.4.2.3 [RFC4055] > > So md2 and md5 are allowed according to the spec? > While tigerhash and whirlpool are not? > And what about the recommendation/requirement to at least support > sha-1? There is no such thing in the draft. > > Cheers > Nils > > [1] http://www.iana.org/assignments/hash-function-text-names/
thanks for bringing up this Nils. the IANA Hash and "Operating System Names" registry will both need to be updated. where do you think I should put the rec to at least support sha-1 in our draft? under "Client Implementation Considerations" section, or for the 2 "type" Attribute sections? -- (( Anthony Bryan ... Metalink [ http://www.metalinker.org ] )) Easier, More Reliable, Self Healing Downloads --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Metalink Discussion" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/metalink-discussion?hl=en -~----------~----~----~----~------~----~------~--~---
