
Re: AH-MD5




"Theodore Ts'o" says:
> Here's another "me too"; I'd personally feel a lot safer with a prepend
> and postpend of the MD5 key.
> 
> Is there some strong objection to this, or should we just go ahead and
> do it?

My only objection is that it feels very much like it just gives people
warm fuzzies without any rational need for it -- since we are
including the length of the packet in the protected area, we are not
susceptible to appending attacks. It also wastes CPU. If people
insist, however, I suppose it will go the way the bulk of people
want. I'd still like to hear a solidly rational reason for it beyond
that it makes people feel better. Remember that this is NOT the same
sort of situation as keyed-MD5 without a protected length field.

I'm not trying to denigrate anyone here, by the way -- you, Hugo, and
others who have asked for this are all high on my list of people I
esteem in the working group. In this case, though, I'd feel better if
someone gave me a cryptographically based argument for appending the
key.

Perry

