Discussion about Cancel-Lock support
eagle at eyrie.org
Mon Dec 7 00:26:00 UTC 2020
Julien ÉLIE <julien at trigofacile.com> writes:
>> My inclination would be to support all of the non-MD5 algorithms for
>> verification but only generate SHA-256. I don't think there's much
>> gained by using the other algorithms.
>> It looks like Gnus still only supports SHA-1.
> For interoperability reasons, it seems that we'll have to handle a
> transition period, and generate two hashes for each message (SHA-1 and
> SHA-256). And support all of the non-MD5 algorithms to verify cancel
On the generate side, I think it only matters what other servers support,
and I have no feel for what server support is out there and thus whether
we need a transition period for that part. (What we generate won't matter
for Gnus, since it won't have the secret keys for those hashes anyway.)
Agreed on the verification side.
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers