I support publication
of this draft as an RFC. However, I have several comments that
I would suggest the authors address prior to publication:
- While the security
considerations make clear the difference between this and a I
cryptographic hash, I have a concern that the algorithm might
be applied in inappropriate situations. Therefore, I would
ask that the introduction include some applicability
discussion with some formal analysis. This could be an
expansion of the third paragraph of when the hash should NOT
be used.
- I'm not a fan of dropping C code into RFCs, because if a bug is found, implementers need to understand our errata system, assuming an erratum is even filed. I'd suggest a reference.
- While the history of the work is fine to have in the draft, I would move it down to the last paragraph of the intro. That way the reader gets to the point of the work faster.
Regards,
Eliot
Attachment:
OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
