Jon Callas wrote:
When the Mister-Zuccherato attack came out at the beginning of the year,
one of the suggestions that we had was to re-do the encrypted data
packet and MDC. It seems that there's not really a lot of consensus to
fix it, that merely working around the problem seems to be adequate? Am
I right in that perception? Do we want to upgrade it?
I missed this discussion, I think, and can't seem to find it in the
archives. Do you have a refrence?
I still think it's a good idea, myself, particularly since if you want
wide deployment of such a thing for the future getting on it now is a
good idea. But I would also like to really close out 2440bis, too.
(However, the two are not mutually exclusive. We could close out 2440bis
and put the upgrades into a followon RFC.)
That sounds like a plan.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff