Re: IPsec mandatory authentication algorithms
In message <199710070713.DAA15269@relay.hq.tis.com>, Karen Seo writes:
> Folks,
>
> There's an inconsistency between the AH and ESP specs and the DOI.
If I remember correctly, the original reason for mandating MD5 was backwards
compatibility with previous implementations. However, with the sequence
number field and the new 96-bit truncated digests, we've *completely* broken
backwards compatibility; the requirement is gone.
The cryptographic community appears to have declared MD5 anywhere from
suspect to compromised, depending on their level of paranoia.
Therefore, I'd recommend making HMAC with SHA-1 *mandatory*, and possibly
even specify that it should be preferred when negotiating.
Whether or not HMAC with MD5 is also mandatory is less important to me... :-)
--
C. Harald Koch <chk@utcc.utoronto.ca>
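The mechanics the thread refers to (an HMAC over the sequence number and payload, truncated to the leftmost 96 bits, with HMAC-SHA-1 and HMAC-MD5 as interchangeable digest choices) are illustrated by the following added example. It is not code from the thread or from any IPsec implementation; the authenticated-data layout (a 4-byte sequence number followed by the payload) and the replay window are simplifications assumed for illustration, not the real AH/ESP header layout.

```python
import hmac
import hashlib

# 96 bits = 12 bytes: the truncated ICV length discussed in the thread.
ICV_LEN = 12


def truncated_hmac(key: bytes, data: bytes, digestmod=hashlib.sha1) -> bytes:
    """Compute an HMAC and keep only the leftmost 96 bits (HMAC-*-96 style)."""
    return hmac.new(key, data, digestmod).digest()[:ICV_LEN]


def authenticated_data(seq: int, payload: bytes) -> bytes:
    """Simplified layout (assumption): 32-bit big-endian sequence number + payload."""
    return seq.to_bytes(4, "big") + payload


def compute_icv(key: bytes, seq: int, payload: bytes, digestmod=hashlib.sha1) -> bytes:
    """Sender side: ICV over sequence number and payload."""
    return truncated_hmac(key, authenticated_data(seq, payload), digestmod)


def verify_icv(key: bytes, seq: int, payload: bytes, icv: bytes,
               digestmod=hashlib.sha1) -> bool:
    """Receiver side: recompute and compare in constant time."""
    expected = compute_icv(key, seq, payload, digestmod)
    return hmac.compare_digest(expected, icv)


class ReplayWindow:
    """Toy anti-replay check (assumption): reject any sequence number already seen."""

    def __init__(self):
        self.seen = set()

    def accept(self, seq: int) -> bool:
        if seq in self.seen:
            return False
        self.seen.add(seq)
        return True


def receive(key: bytes, window: ReplayWindow, seq: int, payload: bytes,
            icv: bytes, digestmod=hashlib.sha1) -> bool:
    """Accept a packet only if the ICV verifies and the sequence number is fresh."""
    if not verify_icv(key, seq, payload, icv, digestmod):
        return False
    return window.accept(seq)


if __name__ == "__main__":
    # Constructed sample key and payload, used only for demonstration.
    key = b"\x01" * 20
    payload = b"constructed ESP payload"
    icv = compute_icv(key, 1, payload)
    print("HMAC-SHA1-96 ICV:", icv.hex(), "len", len(icv))
    print("HMAC-MD5-96 ICV: ", compute_icv(key, 1, payload, hashlib.md5).hex())
    w = ReplayWindow()
    print("first receipt accepted:", receive(key, w, 1, payload, icv))
    print("replayed packet accepted:", receive(key, w, 1, payload, icv))
```

Swapping `digestmod` between `hashlib.sha1` and `hashlib.md5` shows why the choice of mandatory algorithm is a negotiation question rather than a structural one: the truncation and sequence-number coverage are identical, only the underlying hash differs.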