[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] Passwords
On 28/11/06, Daniel Carrera <daniel.carrera@zmsl.com> wrote: > That's a good idea, though I note that since this spec was written some > new attacks on SHA1 have appeared. Is it possible to say "use xmlenc > _except_ we change SHA256 from RECOMMENDED to REQUIRED"? > > It seems appropriate to "require" at least one hash which, at the time > of writing, "has no known attacks". > > Good idea? Bad idea? How about adding some flexibility for implementors. I.e. list a few acceptable encryption algorithms, then require that an implementation record the one used, which then means that other implementations can use a number of algorithms and we can have interop? The informative clauses can be used to explain the rationale for requiring SHA256? regards -- Dave Pawson XSLT XSL-FO FAQ. http://www.dpawson.co.uk
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]