"Russ" == Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
Russ> Sam: Maybe I should have stayed quiet a bit longer. I fully
Russ> support Steve's approach, and maybe that is what you wanted
Russ> Steve asked the authors to describe
Russ> 1. which attacks are out of scope (and why!) 2.
Russ> which attacks are in-scope 2.1 and the protocol is
Russ> susceptible to 2.2 and the protocol protects against
Russ> This is better than us each making our own assessment of the
Russ> hash function security requirements.
I didn't see that request but I think it is a fine direction.
Honestly though the authors seem more upset about agility than about
md5. I think we're certain we want agility.
Ietf mailing list