On Sun, Oct 13, 2024 at 3:39 PM Martin Thomson <mt@xxxxxxxxxxxxxx> wrote:
On Sun, Oct 13, 2024, at 10:23, Eric Rescorla wrote:
> IMO the IESG should decline to publish this document.
In my opinion also.
Yeah. That seems right to me, but shouldn't the "Security Considerations" cover the attacks in
"The Python programming language previously used a modified version of the FNV scheme for its default hash function. From Python 3.4, FNV has been replaced with SipHash to resist 'hash flooding' denial-of-service attacks."
We do internet protocols here in the IETF, so I think those attacks are salient to the IETF mission. FNV seems like a good choice for internal data structures (not IETF territory). But no objection to documenting it on the Independent stream.
thanks,
Rob
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
