RE: Remove little-used algorithms from IKEv2

Henry Spencer <henry@spsystems.net> Thu, 14 March 2002 21:27 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g2ELRg424666; Thu, 14 Mar 2002 13:27:42 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id PAA05883 Thu, 14 Mar 2002 15:51:39 -0500 (EST)
Date: Thu, 14 Mar 2002 16:02:44 -0500
From: Henry Spencer <henry@spsystems.net>
To: IP Security List <ipsec@lists.tislabs.com>
Subject: RE: Remove little-used algorithms from IKEv2
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F405869A08@vhqpostal.verisign.com>
Message-ID: <Pine.BSI.3.91.1020314155354.13487E-100000@spsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

On Thu, 14 Mar 2002, Hallam-Baker, Phillip wrote:
> MD5 and SHA are pretty close and share the same internal structure so I
> don't think we can really justify MD5 as a fallback to SHA-1, particularly
> in the light of the Dobbertin results.

Remember that the Dobbertin results appear to be inapplicable to HMAC-MD5,
serious though they are for plain MD5.

One consideration that matters to some people is that MD5 was not designed
by the NSA.  (Saying that this shouldn't matter to them won't make it so.)

This is one place where even FreeS/WAN, which generally is big on "one good
solution, not a choice among ten", offers both.

                                                          Henry Spencer
                                                       henry@spsystems.net