On 4 Dec 2010, at 03:23, Martin Rex wrote:
Although the attacks against MD5 published so far are practical only
for creating collision pairs, there has not been published a practical
preimage attack against MD5. But the practical collision attack alone
is devastating for several integrity protection usage scenarios.
I am wondering how the authors of RFC4270 wound up misusing the 'integrity
protection' term to cover both intentional (attack) and unintentional
modifications, whereas reliability checking covers only the latter.
But, to the security mindset, everything is an attack.
I've now filed two errata on RFC4270.
Ietf mailing list