On Monday 28 November 2005 10:49, Steven M. Bellovin wrote:
> I confess that I don't see the problem.

The problem is that in order to do what Pekka is proposing, we have to make a
substantial change to the protocol. This creates two problems: first, it
means that this protocol, which is in wide use, has been in wide use for more
than five years, the standard for which has been under development for ten
years, will probably take another year to make standard, for this change
alone. As it has many times before. This is a major language tweak, and
will require substantial review. Second, it renders implementations
substantially more complicated, and creates a knob that administrators need
to understand whether and how to turn, where no knob is needed. Additional
knobs that aren't needed have a net negative impact on overall system
security - the overall impact of the proposed change will be to reduce, not
enhance security.

I support the changes suggested by Havard that simply reduce the security
claims being made here. I do not support making any substantive changes to
the protocol at this point - to do so will simply delay it longer, and will
not add any value. The only reason I can think of for not using MD5 is that
at some point people might want to be able to avoid having an MD5
implementation on their device because MD5 is generally deprecated. I don't
think this is a practical concern - MD5 implementations are with us for the
long haul, deprecated or not.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf