Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deemphasize mbox_sha1sum; augment with mbox_sha2sum #1096

Open
pbadams opened this issue Oct 2, 2020 · 4 comments
Open

deemphasize mbox_sha1sum; augment with mbox_sha2sum #1096

pbadams opened this issue Oct 2, 2020 · 4 comments

Comments

@pbadams
Copy link

pbadams commented Oct 2, 2020

the xAPI specification should be updated to use SHA2 algorithms, as SHA1 is no longer recommended.

For organizations capturing xAPI statements containing personally identifiable information (PII) of customers, using SHA1 is not strong enough to safely store customer PII.

@blakeplock
Copy link

This is being addressed in IEEE P9274.4.2 on Cybersecurity for xAPI. Security language itself is being stripped from the base P9274.1.1 standard.

@pbadams
Copy link
Author

pbadams commented Oct 2, 2020

Thanks @blakeplock, that's good to know. I've done a quick Google, but I'm unable to find any status information for P9274.4.2. Can you point me at a link or mailing list? Many thanks.

@blakeplock
Copy link

Hey @pbadams -- Sorry for the delay. Super early draft/template is here: https://docs.google.com/document/d/1eS02PK_npsn3NTH0OrKWTSqlEUQ6jn77KU3ep2QdpBE/edit#heading=h.5q13vabaelju

The standards activity was approved by IEEE as P9274.4.2. Schedule of WG meetings has been established yet. I'm hoping to get it running after this month's 9274.1.1 call and nailing everything down into a decent draft over 4-ish months.

@fnoks
Copy link

fnoks commented Aug 30, 2022

Any updates on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants