Rodney,

Your comments are not useful in the determination of the IPsec use of MD5 versus SHA:

>- as I recall the last time I got to fill out export paperwork there was no
>check-box marked "somebody on an IETF mailing list said the NSA said in a
>telephone call it was ok to export this" so I do think you need to get
>paperwork for this stuff, which makes it hard to move across country
>boundaries, which impacts deployment, which impacts architecture, which makes
>exportability a technical issue -- sorry.

My comments that you refer to have never stated the above ... my point has always been that:

- SHA and MD5 are both export controlled
- SHA and MD5 when used only for integrity checks are "easy" to export (as compared to encryption).
- export considerations are not a consideration when comparing the use of SHA to MD5

So, please ... my e-mail box is filling with irrelevant SHA versus MD5 comments, please be concise in this polling of comments. Additional noise only obscures the legitimate points that people are trying to make.

Paul

-- BEGIN included message
- To: ipsec@tis.com
- Subject: sha vs. md5
- From: "Rodney Thayer " <ipsec-approval@neptune.tis.com>
- Date: 24 May 96 13:57:46

After reading John Kennedy's comments on SHA-1 I decided I should share a couple of my thoughts. I don't mean to start a fight, just to offer some opinions...

- I think it's architecturally unsound to mandate a protocol that can't be exported from the U.S. Besides, I believe it violates 1825, which makes a comment on AH always being exportable.

- I agree that I expect we should be conservative on crypto issues and an "it seems to be still ok" attitude sounds inappropriate.

- as I recall the last time I got to fill out export paperwork there was no check-box marked "somebody on an IETF mailing list said the NSA said in a telephone call it was ok to export this" so I do think you need to get paperwork for this stuff, which makes it hard to move across country boundaries, which impacts deployment, which impacts architecture, which makes exportability a technical issue -- sorry.

Rodney Thayer :: rodney@sabletech.com
Sable Technology Corp :: +1 617 332 7292
246 Walnut St :: Fax: +1 617 332 7970
Newton MA 02160 USA :: http://www.shore.net/~sable
"Developers of communications software"
-- END included message