atom feed22 messages in org.oasis-open.lists.officeRe: [office] Passwords
FromSent OnAttachments
Patrick DurusauNov 27, 2006 4:51 pm 
David FaureNov 28, 2006 1:07 am 
Daniel CarreraNov 28, 2006 1:40 am.pgp
Florian ReuterNov 28, 2006 2:32 am 
Daniel CarreraNov 28, 2006 2:51 am.pgp
Dave PawsonNov 28, 2006 2:58 am 
Daniel CarreraNov 28, 2006 3:12 am.pgp
Patrick DurusauNov 28, 2006 3:30 am 
Daniel CarreraNov 28, 2006 6:29 am.pgp
Patrick DurusauNov 28, 2006 6:47 am 
Daniel CarreraNov 28, 2006 6:59 am.pgp
robe...@us.ibm.comNov 28, 2006 7:37 am 
Michael Brauer - Sun Germany - ham02 - HamburgNov 28, 2006 7:42 am 
Daniel CarreraNov 28, 2006 8:16 am.pgp
Patrick DurusauNov 28, 2006 11:07 am 
Daniel CarreraNov 29, 2006 1:07 am.pgp
Michael Brauer - Sun Germany - ham02 - HamburgDec 8, 2006 2:50 am 
Daniel CarreraDec 8, 2006 3:54 am.pgp
Michael Brauer - Sun Germany - ham02 - HamburgDec 8, 2006 4:18 am 
Michael Brauer - Sun Germany - ham02 - HamburgJan 15, 2007 2:24 am 
Zhi Yu YueJan 15, 2007 6:19 am 
Michael Brauer - Sun Germany - ham02 - HamburgJan 15, 2007 6:36 am 
Subject:Re: [office] Passwords
From:Dave Pawson (dave@gmail.com)
Date:Nov 28, 2006 2:58:56 am
List:org.oasis-open.lists.office

On 28/11/06, Daniel Carrera <dani@zmsl.com> wrote:

That's a good idea, though I note that since this spec was written some new attacks on SHA1 have appeared. Is it possible to say "use xmlenc _except_ we change SHA256 from RECOMMENDED to REQUIRED"?

It seems appropriate to "require" at least one hash which, at the time of writing, "has no known attacks".

Good idea? Bad idea?

How about adding some flexibility for implementors. I.e. list a few acceptable encryption algorithms, then require that an implementation record the one used, which then means that other implementations can use a number of algorithms and we can have interop?

The informative clauses can be used to explain the rationale for requiring SHA256?

regards

-- Dave Pawson XSLT XSL-FO FAQ. http://www.dpawson.co.uk