[Top] [All Lists]

Re: SHA-1 broken

2005-02-17 12:25:22

On Thu, 17 Feb 2005 13:36:38 -0500, David Shaw said:

Rather than end up like that, just call "new V4" "V5" instead.  It is
also an opportunity to fix the handful of little details that bug
people about V4: the default cipher can be AES instead of 3DES.  The
key expiration dates can be hard or soft (not just soft as in V4).

I am all in favor of this. Some time ago we even discussed that a v5
signature format would be a good idea so solve some things.  We could
even addres the back signature thing better with a new format.

I don't know that this should necessarily be in 2440bis, though, or
2440bis may never be released.

More than 6 years since the last RFC so it is indeed time to have a
new one, defining what the current standard is and showing a warning
that a v5 format is being worked own.  This will give enough time to
work out the problems and analyze what's up with the hash algorithms.



<Prev in Thread] Current Thread [Next in Thread>