
Re: response to Last Call on: IP Authentication using Keyed MD5



The draft repeats a defect that Van Oorschot noted with respect to
draft-ietf-ipsec-ah-md5-03.txt, that it does not address the desired
security properties of the transform.  I realize that "better than brand X
and costs no more" is meant to be a compelling argument, but some reference
to absolute criteria would be useful.

Why is the padding changed from 128 bits to 512 bits in the initial
key setup?  Is this to allow pre-computation?  If so, this should be
noted so that it is not confused with a security consideration.

I cannot find any of the references for the security of the method.  I
was only able to see a copy of the preprint of the Crypto '95 paper for a
few minutes and have received no replies to requests for a copy; the
URL http://www.rsa.com/rsalabs/cryptobytes/ is non-existent; another
reference is a "manuscript".  It seems unreasonable to ask the group
to make a decision if none of the background material is available to it.

