Skip to main content

5. Hash Algorithm Considerations and Registration

There are a wide variety of hashing algorithms that can be used for the purposes of integrity. The choice of algorithm depends on several factors such as the integrity use case, implementation needs or constraints, or application design and workflows.

An initial set of algorithms will be registered with IANA in the "Hash Algorithms for HTTP Digest Fields" registry; see Section 7.2. Additional algorithms can be registered in accordance with the policies set out in this section.

Each algorithm has a status field that is intended to provide an aid to implementation selection.

Algorithms with a status value of "Active" are suitable for many purposes and it is RECOMMENDED that applications use these algorithms. These can be used in adversarial situations where hash functions might need to provide resistance to collision, first-preimage, and second-preimage attacks. For adversarial situations, selection of the acceptable "Active" algorithms will depend on the level of protection the circumstances demand. More considerations are presented in Section 6.6.

Algorithms with a status value of "Deprecated" either provide none of these properties or are known to be weak (see [NO-MD5] and [NO-SHA]). These algorithms MAY be used to preserve integrity against corruption, but MUST NOT be used in a potentially adversarial setting, for example, when signing Integrity fields' values for authenticity. Permitting the use of these algorithms can help some applications (such as those that previously used [RFC3230], are migrating to this specification (Appendix E), and have existing stored collections of computed digest values) avoid undue operational overhead caused by recomputation using other more-secure algorithms. Such applications are not exempt from the requirements in this section. Furthermore, applications without such legacy or history ought to follow the guidance for using algorithms with the status value "Active".

Discussion of algorithm agility is presented in Section 6.6.

Registration requests for the "Hash Algorithms for HTTP Digest Fields" registry use the Specification Required policy (Section 4.6 of [RFC8126]). Requests should use the following template:

  • Algorithm Key: The Structured Fields key value used in Content-Digest, Repr-Digest, Want-Content-Digest, or Want-Repr-Digest field Dictionary member keys.

  • Status: The status of the algorithm. The options are:

    • "Active": Algorithms without known problems
    • "Provisional": Unproven algorithms
    • "Deprecated": Deprecated or insecure algorithms

  • Description: A short description of the algorithm.

  • Reference(s): Pointer(s) to the primary document(s) defining the Algorithm Key and technical details of the algorithm.

When reviewing registration requests, the designated expert(s) should pay attention to the requested status. The status value should reflect standardization status and the broad opinion of relevant interest groups such as the IETF or security-related Standards Development Organizations (SDOs). The "Active" status is not suitable for an algorithm that is known to be weak, broken, or experimental. If a registration request attempts to register such an algorithm as "Active", the designated expert(s) should suggest an alternative status of "Deprecated" or "Provisional".

When reviewing registration requests, the designated expert(s) cannot use a status of "Deprecated" or "Provisional" as grounds for rejection.

Requests to update or change the fields in an existing registration are permitted. For example, this could allow for the transition of an algorithm status from "Active" to "Deprecated" as the security environment evolves.

Last updated on