Re: [Ipsec] Last Call: 'Cryptographic Algorithm Implementation Requirements For ESP And AH' to Proposed Standard

"Steven M. Bellovin" <smb@research.att.com> Thu, 08 July 2004 04:51 UTC

From: "Steven M. Bellovin" <smb@research.att.com>
To: Hugo Krawczyk <hugo@ee.technion.ac.il>
Subject: Re: [Ipsec] Last Call: 'Cryptographic Algorithm Implementation Requirements For ESP And AH' to Proposed Standard
Date: Wed, 07 Jul 2004 21:31:49 -0400
Message-Id: <20040708013149.8705E1AE89@berkshire.research.att.com>
Cc: ipsec@ietf.org, Donald.Eastlake@Motorola.com, iesg@ietf.org

In message <Pine.GSO.4.44_heb2.09.0407072207480.21829-100000@ee.technion.ac.il>, Hugo Krawczyk writes:
>Draft draft-ietf-ipsec-esp-ah-algorithms-01.txt
>specifies HMAC-MD5 as MAY (in the list of authentication algorithms).
>
>Given that 8 years after the invention of HMAC and 8 years after
>Dobbertin's attacks on MD5 there is no single piece of evidence (big or
>small) against the use of HMAC-MD5, and given that HMAC-MD5 is close to
>twice the speed of HMAC-SHA1, then I suggest to upgrade HMAC-MD5 to SHOULD
>(it is good to make it available for applications that need the speed,
>especially in authentication-only configurations (are there any?)).
>
>Just a suggestion. Feel free to ignore.
>

What did the WG say if/when you raised this during WG Last Call?


		--Steve Bellovin, http://www.research.att.com/~smb


