On Apr 18, 2012, at 07:22 PM, Richard Wackerbarth wrote:
I don't understand the proposal. By "added to this hash", do you mean "included in the set of elements that get hashed" or do you mean "appended to the hash value"?
I mean "append (or prepend, we have to decide ;) to the hash input. Specifically. Let's say you have this message snippet: List-Post: foo.example.com Message-ID: <bar> under the current algorithm is: >>> from base64 import b32encode >>> from hashlib import sha1 >>> s = sha1('bar') >>> b32encode(s.digest()) 'MLG3OAQP7EQOLKTEFQ6UAZUVBXI7AH2N' but after the elaboration suggested in this bug would be: >>> s = sha1('bar') >>> s.update('foo.example.com') >>> b32encode(s.digest()) 'P67IMDMX6CRPP3TXX26OMJEOX2DDK6WN'
Presumedly, the sole purpose in publishing an algorithm to create the hash is to make it possible for two handlers to independently develop the same hash given only the message. Otherwise, a "secret" method could be used to assign a unique identifier to the message.
Exactly.
In either case, this suggested change renews my argument that the resulting hash should be tagged, visibly, with a "protocol revision designator". Omitting that designation transforms the chosen calculation method into a "secret".
The way to do that is probably to use a parameter on the header, e.g. Permalink-Hash: P67IMDMX6CRPP3TXX26OMJEOX2DDK6WN; version=1