Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> On Thu, Mar 27, 2008 at 10:58:29PM +0100, Simon Josefsson wrote:
>> Maybe we can short-circuit this discussion. Given the trade-offs here,
>> I propose to use HMAC-SHA-1.
>
> +1
>
> Make that the required to implement algorithm.

Agreed.

> Also provide for HMAC-SHA-256. Then we can later (years later) update
> the spec to require HMAC-SHA-256.

Provide for in what way?

Including negotiation of hash algorithm in the mechanism?

Have the hash algorithm be part of the SASL mechanism name and the
GSS-API OID?

Specify that when storing password-equivalents that servers should store
a HMAC-SHA-256 variant for future compatibility?

Thanks,
/Simon