CRC-32? Do we need OAuth for smart price labels? On Wed, Apr 29, 2009 at 2:57 PM, Eran Hammer-Lahav <e...@hueniverse.com>wrote:
> When we wrote OAuth, there was some resistance to dropping MD5 and CRC32. > That wiki language was the compromise, with the plan to write an extension > for those. Since no one asked for it since then, it was never written. > > EHL > > > > On 4/29/09 6:18 AM, "Simone Tripodi" <simone.trip...@gmail.com> wrote: > > > > Ciao Luca :) > thanks for your reply, since in the wiki page they say > > "We agreed to drop MD5, CRC32, and the likes from the spec due to > security concerns. However, those signing algorithms should still be > documented and will be supported by vendors so we might as well > provide a consistent way of using them." > > I was looking for some documentation just to have a look at those methods. > Thanks!!! > Simone > > On Wed, Apr 29, 2009 at 2:37 PM, Luca Mearelli <luca.meare...@gmail.com> > wrote: > > > > hi, > > > > On Wed, Apr 29, 2009 at 11:56 AM, Simone Tripodi > > <simone.trip...@gmail.com> wrote: > >> I'd like to know more about signature methods extension mentione on > >> the wiki page: > >> > >> http://wiki.oauth.net/SignatureMethods > > > > section 9 in the spec. defines the requirement for signatures but does > > not mandate a specific signature method it rather describes an > > algorithm to define the text to be signed (the "signature base > > string") and "defines three signature methods: HMAC-SHA1, RSA-SHA1, > > and PLAINTEXT, but Service Providers are free to implement and > > document their own methods." i.e. Some service provider implementer > > could choose to build his own signature method (e.g. using different > > crypto) as long as it properly documents it but I honestly can't > > remember any SP that has done so... > > > > anyhow it seems that the wiki page was calling for documenting in a > > standard way the specific signature methods developed by the various > > SPs (i noticed that the wiki page pre-dates the "OAuth Core 1.0" spec > > which was published on Dec 4th 2007). > > > > ciao, > > Luca > > > > > > > > > > > -- > http://www.google.com/profiles/simone.tripodi > > > > > > > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---