[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: keyed-MD5 placement of secret




"William Allen Simpson" says:
> Now, unless the Security Area reverses itself, and changes the standard
> in SNMP also, that is what we will use in the AH implementations going
> forward as we speak.

I wouldn't go that far. The security area directorate isn't
infallible. If someone presented with reasonable evidence that we were
making a mistake I'd say that we should change. However, thus far I
haven't seen evidence that we shouldn't follow the SNMP/IPv6
precedent.

Myself, I'm pretty flexible. I have no religious convictions here --
this ends up being a change of a couple of lines of code in my
implementation. Making that sort of change wouldn't break me. There
was a time where I would have said "to hell with it" and changed my
position just to reach consensus faster. However, Ran Atkinson beat it
into my head not that long ago that here in the IETF we make our
decisions for good technical reasons and not for political reasons,
and I've stuck by his advice on this sort of thing since then.

As I've yet to hear a good technical argument, I'm sticking with my
personal position -- no offense intended to Hugo or any of the other
partisans of appending or other mechanisms.

Perry


References: