[mdx] Joe on 3.1.1

Tom Scavo trscavo at gmail.com
Thu Sep 26 13:18:28 PDT 2013 

On Thu, Sep 26, 2013 at 10:03 AM, Ian Young <ian at iay.org.uk> wrote:
>
>> Responders MUST support the MD5 (transformation indicator 'md5') and
>> SHA-1 (transformation indicator 'sha1')
>
> There was some discussion on whether this was desirable.  Leif wanted case-insensitivity, for robustness, but Scott disagreed:
>
>> I'd prefer not. URLs are case sensitive, and I'd rather not introduce
>> folding requirements.
>
> My remarks: I side with Scott on this one and unless Leif has strong feelings I think we'll take that as it stands.

+1

> The other observation I'd make is that there's no justification in the present text for making two transformation indicators MTI. I guess one might have a very small performance benefit over the other, but if there is no security implication then why wouldn't every client just pick the shorter/faster one?  Likewise if there is no visible performance benefit but a security consideration why wouldn't every client just pick the more secure one?

Well, I've already implemented this, so I'll share my "lessons
learned." I started with MD-5 since there wasn't a security concern
(AFAICT) and since an MD-5 hash was shorter and therefore more usable.
Later I switched to SHA-1 for the same reason some people run their
entire web site over SSL/TLS, that is, a naive user will come to
believe it is more secure. I kick myself for falling into that trap,
however, and I often think I should go back to MD-5. Take it FWIW.

> I'd also like to raise a specific *disadvantage* of having two MTI algorithms, which is that it means that a system which caches results (whether in the conventional sense or just by pre-computing signed documents and stashing them in files called md5-f3678248a29ab8e8e5b1b00bee4060e0.xml) has to construct two indices, or alias one set of keys to the other.

I must be missing something. The mapping from entityID to filename
happens on the server side. The end client doesn't get to choose the
encoding scheme. That is an opaque implementation choice.

> Without some guidance as to how to pick which of the two MTI algorithms, I propose that we should in fact just pick one algorithm. Please comment on this idea, along with which algorithm you think we should pick if you think we should pick just one.

As I said, I don't see why it matters, but if I'm wrong, and I have to
pick one, I would choose SHA-1 for the illusion of security it
provides (but I would do so kicking and screaming the entire way).

> If we were picking just one, of course, there's no rule that says that we'd have to pick either MD5 or SHA-1. If we thought that there was a potential security issue being surfaced, we could also just pick SHA-256.

<sigh> ;-)

Tom

More information about the mdx mailing list