On Thu, Mar 27, 2008 at 10:58:29PM +0100, Simon Josefsson wrote: > Maybe we can short-circuit this discussion. Given the trade-offs here, > I propose to use HMAC-SHA-1. +1 Make that the required to implement algorithm. Also provide for HMAC-SHA-256. Then we can later (years later) update the spec to require HMAC-SHA-256.