Re: [Ipsec] Last Call: 'Cryptographic Algorithm ImplementationRequirements For ESP And AH' to Proposed Standard

[Hugo Krawczyk <hugo@ee.technion.ac.il>]

Draft draft-ietf-ipsec-esp-ah-algorithms-01.txt
specifies HMAC-MD5 as MAY (in the list of authentication algorithms).

Given that 8 years after the invention of HMAC and 8 years after
Dobbertin's attacks on MD5 there is no single piece of evidence (big or
small) against the use of HMAC-MD5, and given that HMAC-MD5 is close to
twice the speed of HMAC-SHA1, then I suggest to upgrade HMAC-MD5 to SHOULD
(it is good to make it available for applications that need the speed,
especially in authentication-only configurations (are there any?)

Just a suggestion. Feel free to ignore.

Hugo

On Wed, 23 Jun 2004, The IESG wrote:

> The IESG has received a request from the IP Security Protocol WG to consider
> the following document:
>
> - 'Cryptographic Algorithm Implementation Requirements For ESP And AH '
>  <draft-ietf-ipsec-esp-ah-algorithms-01.txt> as a Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.Please send any comments to the
> iesg@ietf.org or ietf@ietf.org mailing lists by 2004-07-07.
>
> The file can be obtained via
> http://www.ietf.org/internet-drafts/draft-ietf-ipsec-esp-ah-algorithms-01.txt
>
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>



_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec