
Re: sha vs. md5



Rodney, 
 
Your comments are not useful in the determination of the IPsec use of MD5 
versus SHA: 
 
>- as I recall the last time I got to fill out export paperwork there was no 
>check-box marked "somebody on an IETF mailing list said the NSA said in a 
>telephone call it was ok to export this" so I do think you need to get 
>paperwork for this stuff, which makes it hard to move across country 
>boundaries, which impacts deployment, which impacts architecture, which makes
>exportability a technical issue  -- sorry. 
 
My comments that you refer to have never stated the above ... my point has always
been that: 
 
 - SHA and MD5 are both export controlled 
 - SHA and MD5 when used only for integrity checks are "easy"  
   to export (as compared to encryption). 
 - export considerations are not a consideration when comparing
   the use of SHA to MD5 
 
So, please ... my e-mail box is filling with irrelevant SHA versus MD5 
comments, please be concise in this polling of comments.  Additional noise 
only obscures the legitimate points that people are trying to make. 
 
Paul 


-- BEGIN included message


After reading John Kennedy's comments on SHA-1 I decided I should share a
couple of my thoughts.  I don't mean to start a fight, just to offer some
opinions...

- I think it's architecturally unsound to mandate a protocol that can't be 
exported from the U.S.  Besides, I believe it violates 1825, which makes a
comment on AH always being exportable.

- I agree that I expect we should be conservative on crypto issues and an
"it seems to be still ok" attitude sounds inappropriate.

- as I recall the last time I got to fill out export paperwork there was no
check-box marked "somebody on an IETF mailing list said the NSA said in a
telephone call it was ok to export this" so I do think you need to get
paperwork for this stuff, which makes it hard to move across country
boundaries, which impacts deployment, which impacts architecture, which makes
exportability a technical issue  -- sorry.

                  Rodney Thayer           ::         rodney@sabletech.com
                  Sable Technology Corp   ::              +1 617 332 7292
                  246 Walnut St           ::         Fax: +1 617 332 7970     
                  Newton MA 02160 USA     ::  http://www.shore.net/~sable
                           "Developers of communications software"


-- END included message