Re: response to Last Call on: IP Authentication using Keyed MD5

"Perry E. Metzger" <perry@imsi.com> Wed, 05 July 1995 15:31 UTC

Message-Id: <199507051520.AA37439@interlock.ans.net>
To: hugo@watson.ibm.com
Cc: ipsec@ans.net
Subject: Re: response to Last Call on: IP Authentication using Keyed MD5
In-Reply-To: Your message of "Fri, 30 Jun 1995 17:29:22 EDT." <9506302129.AA36669@copacabana.watson.ibm.com>
Reply-To: perry@imsi.com
X-Reposting-Policy: redistribute only with permission
Date: Wed, 05 Jul 1995 11:20:03 -0400
From: "Perry E. Metzger" <perry@imsi.com>

H.Krawczyk writes:
>  > It appears that all that is needed to incorporate Hugo's suggestion is
>  > a change of a line or two of the MD5 AH draft to specify that the
>  > prepended part of the key be padded out with a 1 bit and some number
>  > of 0 bits to 512 bits. Am I correct on this, Hugo?
> 
> Right, that's the only change to the calculation description.

Bill assures me that it has been inserted in the document, though I
have yet to see the language he has used.

>  > Given the simplicity of this change, I'm inclined to see if we can
>  > insert it before RFC publication, in spite of the late timing. Again,
>  > this depends on what my co-authors say and on general consensus.
> 
> I am not sure if draft draft-ietf-ipsec-ah-md5 is needed anymore. The
> mandatory function for implementation can be specified in Atkinson's
> draft-ietf-ipsec-auth by referencing a protocol-independent description of
> the function as done in draft-krawczyk-keyed-md5 or similar document.

Hugo, you are a great cryptographer, but I've read your document and I
don't think it is suitable for an implementer. Bill has effected the
needed change by an alteration of only a sentence or two in the
current draft. I will make sure that you are heavily referenced and,
although I didn't think to do it, I'll put a large pointer to your
work in the security considerations section. I also think that a
modified version of your draft should be made into an informational
RFC, with much cleaned up language explaining the rationale and the
rest -- there is a need for such a document. However, I don't think
it's suitable as a replacement for the current document.

>  > It would also be nice if Hugo were to post a message explaining the
> 
> I hope the message I sent an hour ago will help in this regard.

It did.

Perry
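
The key padding discussed in this thread, as an added example (not code from this message or from the drafts it names): the prepended key is filled with a 1 bit and 0 bits to one 512-bit MD5 block, so the keyed state can be computed once per key and reused for every datagram. Assumptions: the key is byte-aligned (the 1 bit becomes the byte 0x80), a second, unpadded copy of the key is appended after the data (the thread only speaks of "the prepended part of the key"), and the names `pad_key` and `KeyedMD5` are hypothetical.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 processes input in 512-bit (64-byte) blocks


def pad_key(key: bytes) -> bytes:
    """Return key || 1 bit || 0 bits, filled to exactly 512 bits."""
    if not 0 < len(key) < BLOCK:
        # Assumption: the thread only describes padding to a single block.
        raise ValueError("key must be 1..63 bytes to fit one padded block")
    return key + b"\x80" + b"\x00" * (BLOCK - len(key) - 1)


class KeyedMD5:
    """Keyed MD5 with the prepended key padded to a full block."""

    def __init__(self, key: bytes):
        self._key = key
        # The padded key fills exactly one block, so this state depends
        # only on the key and can be cloned for each datagram.
        self._state = hashlib.md5(pad_key(key))

    def digest(self, data: bytes) -> bytes:
        h = self._state.copy()
        h.update(data)
        h.update(self._key)  # assumption: trailing, unpadded key copy
        return h.digest()

    def verify(self, data: bytes, tag: bytes) -> bool:
        # Constant-time comparison so the check does not leak how many
        # leading bytes of a forged tag were correct.
        return hmac.compare_digest(self.digest(data), tag)


if __name__ == "__main__":
    key = b"constructed-test-key"            # constructed sample key
    datagram = b"constructed datagram bytes"  # constructed sample data
    mac = KeyedMD5(key)
    tag = mac.digest(datagram)
    print(tag.hex(), mac.verify(datagram, tag))
```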