[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH-MD5

To: hugo@watson.ibm.com, bsimpson@morningstar.com, ipsec@ans.net
Subject: Re: AH-MD5
From: "Perry E. Metzger" <perry@imsi.com>
Date: Wed, 25 Jan 1995 11:38:00 -0500
In-Reply-To: Your message of "Wed, 25 Jan 1995 11:09:09 EST." <199501251625.LAA20495@wintermute.imsi.com>
Reply-To: perry@imsi.com


hugo@watson.ibm.com says:
> Also, if you read my original note it says:
> 
>    In my opinion, if the IETF goes for a "standard" prepend-MD5
>    they should define explicitely
>    that the length parameter is prepended to the computation
>    (say after the key) and not left to the "luck" of having or not
>    the length in a fixed offset in the information (as it "happens"
>    to be in the IP header).
> 
> If you do that, then my objection is gone.

In fact, because you and Ted Tso asked, we've already inserted that
sort of language into the next draft. As I said before, I thought the
suggestion was very good.  We are being quite explicit in the document
that the length is a necessary part of the security.  The language
will make it very clear that any system which does not have the length
at a fixed position in the block isn't secure.

I have no objections to the addition of any further explanatory
language that might be needed.

Given that the language is indeed going to be in the MD5 documents,
are there further objections or comments on the documents as written
thus far? I was expecting far more commentary, frankly. Surely someone
at least objects to some of our grammar or phrasing? (The IETF is not
known for its passive acceptance of anything...)

Perry

Prev by Date: Use of Keyed MD5
Next by Date: Re[2]: AH-MD5
Prev by thread: AH-MD5
Next by thread: Re[2]: AH-MD5
Index(es):
- Main
- Thread