The problem with differing digest/signing specs is implementors have to
deal with all these variants vs implementing a single algorithm that can
be applied to multiple applications.

The point that Earl raises here is fundamental. My own sense is that
IETF specifications very much prefer to limit the core burden on all
implementations. However the world of security, in particular, seems to
need meta-mechanisms for specifying the choices that are currently in
fashion or work for particular environments.

I haven't noticed anyone thinking that it is nice to need this
flexibility, but rather that reality dictates it. Mechanisms get
compromised and need to be replaced. Different usage environments
require different degrees/types of security components.

I believe the rule that has developed is to allow a standard way to
specify the choice, and also to require standard support for the
smallest number of choices that are deemed broadly useful.

Worrying about the burden this places on implementors -- and not just
operators -- strikes me as exactly the right focus, so that only what is
essential... for the viability of the global service... will be
required.

d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net