Re: what I am proposing re HMAC

[Uri Blumenthal <uri@watson.ibm.com>]

Perry E. Metzger writes:
> Just to be clear, what I am proposing on HMAC is this:
> 1) We leave 1828 alone. We do not advance it further but we do not
>    "replace" it, meaning new RFCs do NOT "supersede" it in the way a
>    replacement would.

I'm against. There are no reasons NOT to "supersede" 1828.

> 2) We publish an RFC as a proposed standard for HMAC.
> 3) We think of the HMAC transform not as a replacement for the
>    existing transforms but as a new transform.

Yes, certainly.

>    Any key negotiation
>    protocols that exist do not replace the meaning of "use the 1828
>    transform" with using HMAC -- they think of HMAC as a new
>    transform. I do not want the new RFC to "supersede" 1828 as a
>    replacement RFC would.

It is a question of what transform will be mandatory and what won't.
HMAC should be the mandatory one, for several good reasons.

>    ...........Right now we can fail to advance 1828 as
>    part of this process, but in general what we are doing is creating
>    NEW transforms, not REPLACING old ones. The new transforms are then
>    encouraged to be "must implement".

We are [or should be]  making the new transform "must implement" and
the old one - "optional". In my eyes it's either a "replace", or
very close to it. (:-)
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>

---

Follow-Ups:

• Re: what I am proposing re HMAC
• From: Craig Metz <cmetz@inner.net>

References:

• what I am proposing re HMAC
• From: "Perry E. Metzger" <perry@piermont.com>

---

• Prev by Date: Re: what I am proposing re HMAC
• Next by Date: IETF meetings :(
• Prev by thread: Re: what I am proposing re HMAC
• Next by thread: Re: what I am proposing re HMAC
• Index(es):
  • Main
  • Thread