At 05:10 PM 6/15/98 -0700, Hal Finney wrote:
In looking at the source to PGP 5.5, I see that it had defined hash
algorithm 4 as an experimental double-width version of SHA. It never
created messages with that hash, but if it sees hash algorithm 4, it will
think that is double-SHA rather than HAVAL as the spec has it. Can we
reserve hash algorithm 4 and redefine HAVAL to be 7? That way 5.5 will
know that it is seeing an unrecognized hash if it ever sees hash 7,
and produce an error message. Otherwise it is likely to report a bad
signature if it sees hash 4 because someone used HAVAL.
I have no objection to this. Anyone else?
To all: by the bye, we still don't have OIDs for HAVAL and Tiger. I am
content to leave this situation as it is. But I would be delighted to add
OIDs if someone were to scrounge them. I am even willing to drop them
completely if there's consensus in that direction. I'm just bringing up the
issue. No response means you agree it's okay to leave it as it is.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 3965 Freedom Circle
Network Associates, Inc. Santa Clara, CA 95054
(408) 346-5860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)