Re: response to Last Call on: IP Authentication using Keyed MD5

Hilarie Orman <ho@cs.arizona.edu> Tue, 27 June 1995 22:29 UTC

Message-Id: <199506272221.AA44661@interlock.ans.net>
Date: Tue, 27 Jun 1995 15:21:54 -0700
From: Hilarie Orman <ho@cs.arizona.edu>
To: hugo@watson.ibm.com
Cc: ipsec@ans.net
In-Reply-To: Your message <199506270121.AA40361@interlock.ans.net>
Subject: Re: response to Last Call on: IP Authentication using Keyed MD5

The draft repeats a defect that Van Oorschot noted with respect to
draft-ietf-ipsec-ah-md5-03.txt, that it does not address the desired
security properties of the transform.  I realize that "better than brand X
and costs no more" is meant to be a compelling argument, but some reference
to absolute criteria would be useful.

Why is the padding changed from 128 bits to 512 bits in the initial
key setup?  Is this to allow pre-computation?  If so, this should be
noted so that it is not confused with a security consideration.

I cannot find any of the references for the security of the method.  I
was only able to see a copy of the preprint of the Crypto '95 paper for a
few minutes and have received no replies to requests for a copy; the
URL http://www.rsa.com/rsalabs/cryptobytes/ is non-existent; another
reference is a "manuscript".  It seems unreasonable to ask the group
to make a decision if none of the background material is available to it.