
Re: sha vs. md5



In message <199605241757.NAA00859@park.interport.net>, Rodney Thayer writes:
>
> - I think it's architecturally unsound to mandate a protocol that can't be 
> exported from the U.S.  Besides, I believe it violates 1825, which makes a
> comment on AH always being exportable.

Several people on the list have pointed out that MD5 and SHA-1 are covered by
the *same* U.S. export restrictions. So by your argument, we should not
mandate either algorithm.

In message <199605241754.NAA15403@sloth.ncsl.nist.gov>, Robert Glenn writes:
>
> I'm not sure of the benefit of having multiple AH transforms mandatory
> to implement.  I thought the purpose of having *one* was to ensure
> interoperability and to perhaps provide some kind of baseline.  Having
> two will just muddy the waters, so to speak.

We are creating standards here. It is not our job to dictate security vs.
performance tradeoffs to end users; it is our job to make it possible for
end users to make these decisions for themselves. As such, mandating *both*
algorithms is the only option that will support the choice, while still
allowing full interoperability.

[ Yes, I'm for making both algorithms mandatory. ]

-- 
C. Harald Koch          | Border Network Technologies Inc.
chk@border.com          | Senior System Developer
+1 416 368 7157 (voice) | 20 Toronto Street, Suite 400, Toronto ON M5C 2B8
+1 416 368 7789 (fax)   | Madness takes its toll. Please have exact change.

