[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(IMPORTANT) Call for AH-MD5 and ESP-DES to move forward



Ref:  Your note of Thu, 29 Feb 1996 16:09:19 -0500 (attached)

Perry,

 >
 > I have no problem with the idea of ultimately advancing the HMAC
 > transform to standard, especially after it has been out for a good
 > while and there has been additional opportunity for cryptographers to
 > attack it, but I disagree with the words "replace". As Paul's survey
 > reveals, many implementations currently implement 1828. Let us instead
 > speak of requiring this new superior transform rather than of
 > "replacing" the old one, which would imply, for example, that
 > identifiers for 1828 in key management protocols would have to point
 > at HMAC instead, which would result in interoperability problems.

What I want is that implementations *do* move to this new function.
We are doing a lot of implementation work regarding IPSEC, and we talk
to many other implementation people involved with IPSEC.
The message is very clear: no one has any real problem to implement the
new transform, however they will not do that as long as there is another
one that is *officially* required by the IPSEC standard.

We need to find a way to break this loop. I don't care about the word
"replace" just about making clear that IPSEC-AH REQUIRES HMAC
(as the default implementation).

As a general note: if we can't modify the standards during the
standarization process why do we have that process in place.
Implementors need to know (and we know!) that changes will occur.
This particular one is easy to implement and upgrade.

If the decision is that it is too late to change the default algorithm
I would recommend this group to be even more careful on any decision about
moving any document to standards track.

Hugo



Follow-Ups: