[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 considered insecure?



Steve,

  Thanks very much for sharing that paper with us.  Its quite short,
but very interesting reading.

Everyone,

  In my own personal mind, it raises the question of how we should proceed
on the AH transforms.  Possible options for the WG to consider include
at least these:
  - Make both HMAC MD5 and HMAC SHA-1 mandatory-to-implement
  - Make HMAC MD5 optional-to-implement and HMAC SHA-1 mandatory-to-implement 

  One question I have is whether it would be sensible to substitute HMAC SHA-1
for HMAC MD5 in the ESP "DES-CBC HMAC MD5 Replay" transform.  What do folks
think is best ?

  I'm hoping to see some discussion on the list about how to proceed after
folks have had the time to read and digest the material Steve has passed
along.

Ran
rja@inet.org



Follow-Ups: References: