Skip to main content

Early Review of draft-bryan-http-digest-algorithm-values-update-

Request Review of draft-bryan-http-digest-algorithm-values-update
Requested revision No specific revision (document currently at 04)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2010-01-01
Requested 2009-10-16
Authors Anthony Bryan
I-D last updated 2009-12-24
Completed reviews Secdir Early review of -?? by Radia Perlman
Assignment Reviewer Radia Perlman
State Completed
Request Early review on draft-bryan-http-digest-algorithm-values-update by Security Area Directorate Assigned
Completed 2009-12-24
I have reviewed this document as part of the security directorate's 

ongoing effort to review all IETF documents being processed by the 

IESG.  These comments were written primarily for the benefit of the 

security area directors.  Document editors and WG chairs should treat 

these comments just like any other last call comments.

This document just updates the HTTP digest algorithm values, and as such 

doesn't really have security


First a question...this isn't a cryptographic checksum, and it might be 

nice if the document said what

its purpose is. I assume it's for caching, so that you can quickly check 

if a page has changed?

Now not to pick on this spec, but perhaps something IETF might
consider, two issues:

Terminology issue: even though people routinely use the terminology 

"SHA-256", perhaps it's time to also include

the version of SHA, as in SHA-2-256, since other versions of SHA might 

have overlapping sizes with

SHA-1 and SHA-256.

And having a registry for each algorithm for each protocol seems 

unwieldly---each time a new algorithm happens,

does it mean a bunch of specs have to come out with an update document 

like this one? Could it instead

be a single registry that all specs point to?