
Re: SHA + generic auth specs? (was Re: AH-MD5)




"Donald E. Eastlake 3rd (Beast)" says:
> Yikes!
> 
> The goal is INTEROPERABILITY.  Please don't define a zillion
> alternatives just out of some desire to document all the suggestions
> that come along.

I don't intend to -- or at least, only certain base documents will be
"MUST" parts of the standard (see below). However, it does prevent the
n * m documents problem, and the n * m implementations problem, if new
cipher or auth transforms can fit together with old auth and cipher
transforms (respectively). There *will* be new transforms with time.

> I don't think it makes that much difference whether we use MD5 or SHA.
> I personally favor SHA, but MD5 is what has always been "decided" at
> the WG meetings at the IETF meetings and is the Internet standard.
> 
> We need documents to progress to a reasonable proposed standard.  I'd
> be happy to do this with documents with either MD5 or SHA.  I don't
> think everyone should have to implement both.

The intention was to mandate a base standard for interoperability --
originally DES, MD5, and DES+MD5, and permit consenting hosts to use
better things as time went on. That's still the intent.

Perry

