Hi.
I'm sorry it has taken me so long to get back to this. I wanted to
make sure I thoroughly understood the MDC in 2440bis and also wanted
to talk with Russ and other security experts.
I've convinced myself that the MDC's use of SHA-1 is probably OK.
However, algorithm agility is an absolute requirement. The document
needs to clearly articulate a strategy for upgrading the algorithm
used by the MDC and to explain how clients can detect support for this
algorithm if asymmetric keys are involved. I was going to ask for the
ability to include multiple MDC packets to support phased upgrades,
but Russ convinced me that this is not necessary.
Also, I would like to ask you to submit the section of your document
describing the MDC to the CFRG for their review. I suspect they are
not going to like it much, but we need to give them a chance to find
any huge show stoppers.
So, I'm asking for the following specific actions:
1) Document your algorithm upgrade strategy.
2) Ask for a CFRG review.
--Sam