
Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsis-nslp-auth-06

2010-09-09 11:52:15
Hi Russ,

On 09.09.2010 16:56, Russ Housley wrote:
> Will any implementations be impacted?  If not, we should ask the
> Security ADs for their best suggestion.

At least we have one implementation, but it's nothing that
we couldn't change easily. So getting advice from the security
ADs would be good. RFC4270 recommends changing to
HMAC-SHA-256+, but I don't know whether better alternatives
already exist.

Regards,
 Roland

> On 9/8/2010 7:24 PM, Roland Bless wrote:
>>> -- section 4.1.1, 2nd paragraph:
>>>
>>> Is HMAC-MD5 still a reasonable choice for a single mandatory-to-implement
>>> algorithm these days?
>> Good question. I thought that HMACs are not so strongly
>> affected by the discovered hash algorithm weaknesses w.r.t. collision
>> attacks. I could change this to HMAC-SHA-256 though. Any
>> other suggestions?

