Re: Remove little-used algorithms from IKEv2

Uri Blumenthal <uri@lucent.com> Fri, 15 March 2002 04:51 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g2F4p8406810; Thu, 14 Mar 2002 20:51:08 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id XAA08770 Thu, 14 Mar 2002 23:11:56 -0500 (EST)
Cc: "Hallam-Baker, Phillip" <pbaker@verisign.com>, ipsec@lists.tislabs.com
Message-ID: <3C9176B6.23706837@lucent.com>
Date: Thu, 14 Mar 2002 23:21:10 -0500
From: Uri Blumenthal <uri@lucent.com>
Organization: Lucent Technologies
X-Mailer: Mozilla 4.76 [en]C-CCK-MCD EMS-1.5 (Windows NT 5.0; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Original-CC: "Hallam-Baker, Phillip" <pbaker@verisign.com>, ipsec@lists.tislabs.com
Subject: Re: Remove little-used algorithms from IKEv2
References: <2F3EC696EAEED311BB2D009027C3F4F405869A08@vhqpostal.verisign.com> <p05101410b8b6caac4c2b@[165.227.249.20]>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

Paul Hoffman / VPNC wrote:
> >Any reason for keeping the MD5 algorithms
>
> - We want it in there in case of a catastrophic failure of SHA-1 and
> the related bigger SHAs.

Considering how close internally MD5 and SHA-1 are - I'd expect
that any real "catastrophic" failure of one will affect the
other...
 
> It is good practice to have a well-understood fallback in case of
> catastrophic failure.

See above.

> MD5 has a huge amount of implementation experience behind it.

Why is this of importance...?
--
Regards,
Uri
-=-=-=<>=-=-
<Disclaimer>