Re: (IMPORTANT) Call for AH-MD5 and ESP-DES to move forward

["Perry E. Metzger" <perry@piermont.com>]

hugo@watson.ibm.com writes:
> We need to find a way to break this loop. I don't care about the word
> "replace" just about making clear that IPSEC-AH REQUIRES HMAC
> (as the default implementation).

Thats fine, so long as we don't speak of "replacing", and so long as
we take some time to allow people to examine the transform. I would
want to see some considerable time taken between the time that an HMAC
based RFC is issued and the time it is advanced. No personal slight
intended, Hugo, but I've learned at this point that the only way to
get certainty out of cryptographers is to wait a year or two for the
dust to settle thoroughly. I fully believe your statements that no one
who has seen your work has had any trouble with it, but recall that
similar statements were made the last time around -- it would be
better if we gave it some time. This isn't to say we should advance
something else in its place, you understand. It is just to say we
should be more carefull.

> As a general note: if we can't modify the standards during the
> standarization process why do we have that process in place.

We can alter what is standard. However, it is often bad to alter what
already exists. When SMTP got revised, an extensions mechanism was
created -- existing SMTPs weren't broken. Sometime soon it will be
required that SMTP implementations support ESMTP, but it will
doubtless be a long while before ESMTP is totally universal, if
ever.

Perry

---

• Prev by Date: Re: (IMPORTANT) Call for AH-MD5 and ESP-DES to move forward
• Next by Date: Re: (IMPORTANT) Call for AH-MD5 and ESP-DES to move forward
• Prev by thread: Re: (IMPORTANT) Call for AH-MD5 and ESP-DES to move forward
• Next by thread: (IMPORTANT) Call for AH-MD5 and ESP-DES to move forward
• Index(es):
  • Main
  • Thread