At 07:26 AM 3/26/98 +0100, Thomas Roessler wrote:
> I completely agree. But those parts of the spec which are
> already trying to shut down such channels should be
> written in a more thorough fashion. I'd be quite happy
> with _random_ Message IDs - if an implementation has a bad
> random generator, you are in trouble anyways.

If you're dissatisfied with the wording, feel free to reword them.
In this particular case, I think there's merit in *suggesting* but not
mandating that the message id be a function of the message. There's nothing
wrong in suggesting that a hash be used, but there are plenty of other
suitable ways to do it, including just taking a slice of functional slice
cyphertext, which is mathematically "random" and cannot leak any
information. Cyphertext is always sent in the clear, as it were.
I also think there's merit in not mandating how it's done, as long as it's
deterministic. However, I'm willing to listen to anyone who wants to argue
that that MUST on determinism be a SHOULD.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 4200 Bohannon Drive
Network Associates, Inc. Menlo Park, CA 94025
(650) 473-2860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)
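
The two derivations mentioned in the reply above (a hash of the message, or a slice of the ciphertext), together with the recipient-side check that determinism makes possible, as an added example that is not part of the original message or of any PGP implementation. The 32-character length, the base32 encoding, the function names and the sample bytes are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

ID_LEN = 32  # assumed ID length in printable characters (illustration only)


def id_from_hash(ciphertext: bytes) -> str:
    """Message ID computed as a hash of the finished ciphertext."""
    digest = hashlib.sha256(ciphertext).digest()
    return base64.b32encode(digest).decode("ascii")[:ID_LEN]


def id_from_slice(ciphertext: bytes) -> str:
    """Message ID taken as a slice of the ciphertext itself."""
    need = ID_LEN * 5 // 8  # base32 carries 5 bits per character
    if len(ciphertext) < need:
        raise ValueError("ciphertext too short to slice an ID from")
    return base64.b32encode(ciphertext[-need:]).decode("ascii")


def id_is_derived(message_id: str, ciphertext: bytes, derive) -> bool:
    """Recipient-side check: recompute the ID from the ciphertext and compare.

    An ID that fails this check was not a function of the message, so it
    could be carrying bits the sender's software chose freely.
    """
    try:
        expected = derive(ciphertext)
    except ValueError:
        return False
    return hmac.compare_digest(message_id.encode(), expected.encode())


# Constructed sample data: 64 pseudo-random bytes standing in for ciphertext,
# and a free-form ID standing in for one that smuggles 20 bytes of key material.
SAMPLE_CT = hashlib.sha512(b"constructed sample ciphertext").digest()
FREE_FORM_ID = base64.b32encode(b"\x13" * 20).decode("ascii")

if __name__ == "__main__":
    for name, derive in (("hash", id_from_hash), ("slice", id_from_slice)):
        good = derive(SAMPLE_CT)
        print(name, good, id_is_derived(good, SAMPLE_CT, derive))
        print(name, FREE_FORM_ID, id_is_derived(FREE_FORM_ID, SAMPLE_CT, derive))
```

With a purely random ID the recipient has nothing to recompute, so this check is only available when the ID is deterministic.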