
(IMPORTANT) Call for AH-MD5 and ESP-DES to move forward



Ref:  Your note of Mon, 26 Feb 96 20:34:35 GMT (attached)

I suggest NOT moving forward RFC1828.

Let's replace that transform by the keyed-MD5 transform
of Bellare, Canetti and Krawczyk,
as described in draft-krawczyk-keyed-md5-01.txt.
(This function is now named HMAC).

This new transform has a strong cryptographic analysis supporting it.
The paper showing that (see below) has been presented in several
public forums (including RSA conference and MIT's crypto seminar),
and has been widely circulated to cryptographers and security experts in
the last two months. The feedback has been overwhelmingly positive
(not one objection to its security or analysis).

The proposal was warmly welcomed in general when I presented it in Dallas'
IETF (only the authors of RFC1828 objected). It was in the meantime adopted
into a few other protocols. I know of two independent implementations for
use with IPSEC/AH.

I believe it has all the merits and formal requirements to become an RFC
and the DEFAULT transform for AH.

I would like this WG to make a decision in that regard.

Sincerely and unpolitically (;-)

Hugo

PS: for those who still didn't read the paper :-)

Bellare, M., Canetti, R., and Krawczyk, H., "Keyed Hash Functions and
Message Authentication".
http://www.research.ibm.com/security/keyed-md5.html

Clarification: the name HMAC as used in the paper does not appear
in the internet draft draft-krawczyk-keyed-md5-01.txt. However, the described
function is the same.


