On Dec 2, 12:21 am, "Anthony Bryan" <[EMAIL PROTECTED]> wrote: > thanks for bringing up this Nils. > > the IANA Hash and "Operating System Names" registry will both need to > be updated. > > where do you think I should put the rec to at least support sha-1 in our > draft? > > under "Client Implementation Considerations" section, or for the 2 > "type" Attribute sections?
It seems reasonable to bring this up in the type section. Using "clients supporting verification SHOULD at least implement sha-1." language seems appropriate to me. Or maybe it should be phrased "the current secure hash function as defined by NIST, sha-1 at the time of writing"? For pieces it would be ok to use md2 and md5 (or even crc32 or similar), provided that there is an overall hash. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Metalink Discussion" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/metalink-discussion?hl=en -~----------~----~----~----~------~----~------~--~---
