[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: response to Last Call on: IP Authentication using Keyed MD5
The draft repeats a defect that Van Oorschot noted with respect to
draft-ietf-ipsec-ah-md5-03.txt, that it does not address the desired
security properties of the transform. I realize that "better than brand X
and costs no more" is meant to be a compelling argument, but some reference
to absolute criteria would be useful.
Why is the padding is changed from 128-bits to 512-bits in the initial
key setup? Is this to allow pre-computation? If so, this should be
noted so that it is not confused with a security consideration.
I cannot find any of the references for the security of the method. I
was only able to see a copy of the preprint of Crypto '95 paper for a
few minutes and have received no replies to requests for a copy, the
URL http://www.rsa.com/rsalabs/cryptobytes/ is non-existent, another
reference is a "manuscript". It seems unreasonable to ask the group
to make a decision if none of the background material is available to it.
References: