[mdx] MDQ draft and SHA-1
Ian Young
ian at iay.org.uk
Thu Jan 16 07:08:08 PST 2020
> On 2020-01-15, at 11:57, Alex Stuart <Alex.Stuart at jisc.ac.uk> wrote:
>
> I've a grammar nit.
>
> In lines 319 and 320, the document says "Both the [SAML2Bind] sections 3.6 and 3.6.4 uses of SHA-1, and its resulting use in this protocol, would be vulnerable to an attack…"
>
> I think that "both" could be taken to mean that there are distinct use described in both section 3.6 and 3.6.4; I certainly interpreted it that way on a first reading. Since SHA-1 is only explicitly mentioned in [SAML2Bind] in section 3.6.4, what would make more sense to me is "The use of SHA-1 in section 3.6.4 of [SAML2Bind], and its resulting use in this protocol, would be vulnerable to an attack…"
I agree that your alternative reads better, so I will incorporate it.
Thanks,
-- Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.iay.org.uk/pipermail/mdx-iay.org.uk/attachments/20200116/374ebad4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: not available
URL: <http://lists.iay.org.uk/pipermail/mdx-iay.org.uk/attachments/20200116/374ebad4/attachment.bin>
More information about the mdx
mailing list