[mdx] MDQ draft and SHA-1

Alex Stuart Alex.Stuart at jisc.ac.uk
Wed Jan 15 03:57:47 PST 2020


Hi Ian,

> On 13 Jan 2020, at 16:01, Ian Young <ian at iay.org.uk> wrote:
> 
> 
>> On 2020-01-13, at 15:55, Ian Young <ian at iay.org.uk> wrote:
>> 
>> given that the draft needs refreshing to stay unexpired anyway
> 
> I should have added that I'd hope to push that out as a new draft THIS THURSDAY AFTERNOON 2020-01-16 with any corrections, so please review and comment before then if possible.
> 

I've a grammar nit. 

In lines 319 and 320, the document says "Both the [SAML2Bind] sections 3.6 and 3.6.4 uses of SHA-1, and its resulting use in this protocol, would be vulnerable to an attack…" 

I think that "both" could be taken to mean that there are distinct uses described in both section 3.6 and 3.6.4; I certainly interpreted it that way on a first reading. Since SHA-1 is only explicitly mentioned in [SAML2Bind] in section 3.6.4, what would make more sense to me is "The use of SHA-1 in section 3.6.4 of [SAML2Bind], and its resulting use in this protocol, would be vulnerable to an attack…"

Alex

—
Alex Stuart, Principal technical support specialist (UK federation)               
alex.stuart at jisc.ac.uk
UK federation helpdesk: service at ukfederation.org.uk





