[DNSOP] RFC 2845bis and HMAC-MD5
Martin Hoffmann <martin@opennetlabs.com> Thu, 14 March 2019 14:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/PxKECTWvTT89SGIsZyrBDhGYeWA>

Hi,

when looking over draft-ietf-dnsop-rfc2845bis I was hoping that it would relax the mandatory requirement for HMAC-MD5, but no such luck.

Given that most protocols have either made MD5 optional or banned it outright, some modern crypto libraries have decided to drop it from their supported algorithms. It seems to me that forcing new code to include dependencies for MD5 is unnecessary.

As such, I would like to propose to move HMAC-MD5 to optional and only retain SHA-1 and SHA-256 as mandatory.

Kind regards,
Martin