OASIS Mailing List Archives

camp-comment message


Subject: 4.1.2 Validating Integrity


Greetings!

The first paragraph of 4.1.2 Validating Integrity reads:

*****
A PDP MAY contain a manifest file, named camp.mf, at the root of the
archive. [PDP-06] This file contains SHA256 [SHA256] digests of some
or all files in the package. A Provider SHOULD reject a PDP if any
digest listed in the manifest does not match the computed digest for
that file in the package. [PDP-07]
*****

I take the implication of:

"This file contains SHA256 [SHA256] digests of some or all files in
the package."

to be that a manifest file contains only SHA256 digests.

And any PDF with a listed digest that does not match a computed SHA256
digest for a file in the package should be rejected.

Yes?

The reason I ask is that 6.1 Transfer Protocol:

*****
TLS 1.1 [RFC4346] SHALL be implemented by the Provider. [PR-41] TLS
1.2 [RFC5246] is RECOMMENDED.[PR-42] When TLS is implemented, the
following cipher suites are RECOMMENDED to ensure a minimum level of
security and interoperability between implementations:

 TLS_RSA_WITH_AES_128_CBC_SHA (mandatory for TLS 1.1/1.2) [PR-43]

 TLS_RSA_WITH_AES_256_CBC_SHA256 (addresses 112-bit security strength
requirements)
   [PR-44]
*****

may cause some confusion.

True, one requirement is for transport and the other for digests but
why permit a weaker transport protocol than is used for digests?

Second, my bad on my RFC 4346 comment yesterday in not noticing it has
been obsoleted by RFC5246. Obsolete RFCs should not be used as
normative references. I will supplement that comment.

BTW, SHA-3 is in the process of being published, as your encryption
specialists already know: http://www.nist.gov/itl/csd/sha-100212.cfm

Hope everyone is having a great day!

Patrick

-- 
Patrick Durusau
patrick@durusau.net
Technical Advisory Board, OASIS (TAB)
Former Chair, V1 - US TAG to JTC 1/SC 34
Convener, JTC 1/SC 34/WG 3 (Topic Maps)
Editor, OpenDocument Format TC (OASIS), Project Editor ISO/IEC 26300
Co-Editor, ISO/IEC 13250-1, 13250-5 (Topic Maps)

Another Word For It (blog): http://tm.durusau.net
Homepage: http://www.durusau.net
Twitter: patrickDurusau
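
The check described in the quoted 4.1.2 text (PDP-06 and PDP-07), as an added example that is not part of the original message or of the CAMP specification. It assumes a ZIP-packaged PDP and a hypothetical manifest line format of `<hex sha256>  <path>`; the page specifies neither. Treating a listed but missing file as a failure is a choice of this example.

```python
import hashlib
import io
import zipfile

MANIFEST_NAME = "camp.mf"  # manifest name from the quoted 4.1.2 text

def parse_manifest(text):
    """Parse the assumed '<hex sha256>  <path>' lines into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        digest, _, path = line.strip().partition(" ")
        if digest:
            entries[path.strip()] = digest.lower()
    return entries

def validate_pdp(archive_bytes):
    """Return (accept, problems) for a ZIP-packaged PDP (assumed packaging)."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as pdp:
        names = set(pdp.namelist())
        if MANIFEST_NAME not in names:
            return True, []  # the manifest is optional (MAY, PDP-06)
        manifest = parse_manifest(pdp.read(MANIFEST_NAME).decode("utf-8"))
        problems = []
        for path, listed in sorted(manifest.items()):
            if path not in names:
                problems.append(f"{path}: listed in manifest but not in package")
                continue
            computed = hashlib.sha256(pdp.read(path)).hexdigest()
            if computed != listed:
                problems.append(f"{path}: digest mismatch")
        # Files absent from the manifest go unchecked ("some or all files").
        return not problems, problems

def build_pdp(files):
    """Build a constructed sample archive in memory from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: one listed file, one unlisted file.
PLAN = b"constructed plan contents\n"
LINE = hashlib.sha256(PLAN).hexdigest() + "  plan.yaml\n"
GOOD = build_pdp({"plan.yaml": PLAN, "extra.txt": b"unlisted", MANIFEST_NAME: LINE})
TAMPERED = build_pdp({"plan.yaml": PLAN + b"x", MANIFEST_NAME: LINE})
```
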

