[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
sha vs. md5
After reading John Kennedy's comments on SHA-1 I decided I should share a
couple of my thoughts. I don't mean to start a fight, just to offer some
opinions...
- I think it's architecturally unsound to mandate a protocol that can't be
exported from the U.S. besides, I believe it violates 1825, which makes a
comment on AH always being exportable.
- I agree that I expect we should be conservative on crypto issues and an
"it seems to be still ok" attitude sounds inappropriate.
- as I recall the last time I got to fill out export paperwork there was no
check-box marked "somebody on an IETF mailing list said the NSA said in a
telephone call it was ok to export this" so I do think you need to get
paperwork for this stuff, which makes it hard to move across country
boundries, which impacts deployment, which impacts architecture, which makes
exportability a technical issue -- sorry.
Rodney Thayer :: rodney@sabletech.com
Sable Technology Corp :: +1 617 332 7292
246 Walnut St :: Fax: +1 617 332 7970
Newton MA 02160 USA :: http://www.shore.net/~sable
"Developers of communications software"
Follow-Ups: