OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Passwords

On 28/11/06, Daniel Carrera <daniel.carrera@zmsl.com> wrote:
> That's a good idea, though I note that since this spec was written some
> new attacks on SHA1 have appeared. Is it possible to say "use xmlenc
> _except_ we change SHA256 from RECOMMENDED to REQUIRED"?
> It seems appropriate to "require" at least one hash which, at the time
> of writing, "has no known attacks".
> Good idea? Bad idea?
How about adding some flexibility for implementors.
I.e. list  a few acceptable encryption algorithms, then require
that an implementation record the one used, which then
means that other implementations can use a number of algorithms
and we can have interop?

The informative clauses can be used to explain the rationale for
requiring SHA256?


Dave Pawson

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]