[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WG Last Call: AH Transforms to Proposed Standard

To: rja@cisco.com, ipsec@TIS.COM
Subject: WG Last Call: AH Transforms to Proposed Standard
From: HUGO@watson.ibm.com
Date: Thu, 23 May 96 15:59:41 EDT
MMDF-Warning: Parse error in original version of preceding line at neptune.TIS.COM
Sender: ipsec-approval@neptune.tis.com

Ref:  Your note of Tue, 21 May 1996 12:13:04 PDT

I missed the "quick survey" (I was away from my email),
anyway I want to repeat my opinion on this issue.

Based on the message I sent to this list on May 8
I support using HMAC-MD5 for AH and ESP+AH.

(I do this with my hat of "implementer" and the recognition of the
need for best possible performance rather than with my more conservative hat
of "pure cryptographer").

I recommend adding the following paragraph (or any correct English-variant
of it) to the documents defining HMAC-MD5 as the default transform:

   The currently known cryptanalytic results on MD5 do not indicate
   a practical weakness of MD5 for its use with the HMAC construction.
   Due to this fact and the performance advantages of MD5 over other
   alternatives (e.g., SHA-1) this document defines MD5 as the basic hash
   function to be used with HMAC. However, implementers need to be aware
   that future cryptographic developments may call for the replacement of
   MD5 with other hash functions. In particular, implementers are strongly
   encouraged to provide support for SHA-1 with HMAC in addition to the
   required support for MD5. This will facilitate a future migration to SHA-1
   without jeopardizing interoperability.

Hugo

Follow-Ups:

MD5 vs. SHA-1, Selection Criteria

From: John Kennedy <jkennedy@cylink.com>

Prev by Date: Re: Whatever happend to compression?
Next by Date: MD5 vs. SHA-1, Selection Criteria
Prev by thread: WG Last Call: AH Transforms to Proposed Standard
Next by thread: MD5 vs. SHA-1, Selection Criteria
Index(es):
- Main
- Thread