
RE: DHCID and the use of MD5

2005-11-29 15:43:26
Russ,

        Sorry, but what kind of options?  Looking at my keyboard,
I can't tell whether you meant to type "available" or
"avoidable"...

--
Eric 

--> -----Original Message-----
--> From: ietf-bounces(_at_)ietf(_dot_)org 
[mailto:ietf-bounces(_at_)ietf(_dot_)org] 
--> On Behalf Of Russ Housley
--> Sent: Tuesday, November 29, 2005 5:08 PM
--> To: Sam Hartman
--> Cc: ietf(_at_)ietf(_dot_)org; smb(_at_)cs(_dot_)columbia(_dot_)edu
--> Subject: Re: DHCID and the use of MD5
--> 
--> Sam:
--> 
--> Perhaps I was being too terse.  I think we are in agreement about the 
--> most important parts.  I was trying to say that once you are forced 
--> to deploy new code, protocol changes and algorithm changes are both 
--> avaioable options.
--> 
--> Russ
--> 
--> 
--> At 12:51 PM 11/29/2005, Sam Hartman wrote:
--> > >>>>> "Russ" == Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
--> >
--> >     Russ> At 11:44 AM 11/29/2005, Sam Hartman wrote:
--> >     >> Honestly though the authors seem more upset about agility than
--> >     >> about md5.  I think we're certain we want agility.
--> >
--> >     Russ> There are two kinds of algorithm agility: - build it into
--> >     Russ> the protocol - update the protocol each time you want to use
--> >     Russ> a new algorithm
--> >
--> >I disagree that you always have the second.  In particular you may not
--> >have behavior that allows you to change the protocol.  For example the
--> >SMIME verifier behavior of requiring all (instead of one) signature to
--> >validate makes the change the protocol approach harder.
--> >
--> >I think this is an example of a case where you don't have the second
--> >kind of agility without changing the protocol.  In particular you need
--> >clients and dhcp servers to expect there to be more than one record
--> >available.
--> >
--> >     Russ> Everyone always has the second. The author already made an
--> >     Russ> argument against the first, but others seem to be supporting
--> >     Russ> the other form.  I do not understand the impact on the
--> >     Russ> current deployment.  Do you?
--> >
--> >so, the deployed code will have to change somewhat already.  They are
--> >currently using txt records; they will need to transition to this new
--> >RR.
--> >
--> >
--> >However the update behavior if you add agility is more complicated.
--> 
--> 

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
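The two points argued in the quoted exchange, agility built into the record versus agility by replacing the record type, and Sam's observation that a verifier which requires all records to validate cannot ride out a digest transition without a protocol change, as an added example that is not part of this thread and is not code from any DHCID or DHCP implementation. The one-byte digest-type layout, the `DIGEST_TYPES` registry, the identifier bytes and the names `make_record`, `check_record`, `verify` and `transition_demo` are all hypothetical; this is not the DHCID wire format.

```python
"""Toy model of 'agility built into the record' and of the two verifier
policies (one record must validate vs. all records must validate).

Added illustration only: the record layout, registry and names here are
hypothetical and do NOT reproduce the DHCID RR format.
"""
import hashlib
import hmac

# Hypothetical digest-type registry.  The one-byte type code carried in each
# record names the hash, so a new hash is introduced by registering a new
# code rather than by defining a new record type.
DIGEST_TYPES = {1: hashlib.md5, 2: hashlib.sha256}


def make_record(digest_type, identifier, name):
    """Encode [digest_type][digest(identifier || name)]  (hypothetical layout)."""
    ctor = DIGEST_TYPES[digest_type]
    return bytes([digest_type]) + ctor(identifier + name).digest()


def check_record(record, identifier, name, known_types):
    """Check one record against the identifier/name pair.

    Returns True or False when the verifier implements the record's digest
    type, and None when it does not (a deployment still running old code).
    """
    digest_type, digest = record[0], record[1:]
    ctor = known_types.get(digest_type)
    if ctor is None:
        return None
    expected = ctor(identifier + name).digest()
    # Constant-time comparison so the check does not leak digest bytes.
    return hmac.compare_digest(digest, expected)


def verify(records, identifier, name, known_types, policy):
    """Apply one of the two verifier policies from the discussion.

    'any': one validating record suffices; records of unknown type are
           ignored, so old and new records can coexist during a transition.
    'all': every record must validate; a record of unknown type is a
           failure, so adding a new-digest record breaks old verifiers.
    """
    results = [check_record(r, identifier, name, known_types) for r in records]
    if policy == "any":
        return any(r is True for r in results)
    if policy == "all":
        return bool(results) and all(r is True for r in results)
    raise ValueError("unknown policy: %r" % policy)


def transition_demo():
    """Zone carries both an old-digest and a new-digest record (constructed data)."""
    ident = b"\x00\x01" + bytes.fromhex("0011223344556677")  # constructed client id
    name = b"host.example."                                 # constructed FQDN
    old_code = {1: hashlib.md5}   # verifier that predates digest type 2
    new_code = DIGEST_TYPES       # verifier that knows both digest types
    records = [make_record(1, ident, name), make_record(2, ident, name)]
    return {
        "old_client_any": verify(records, ident, name, old_code, "any"),
        "old_client_all": verify(records, ident, name, old_code, "all"),
        "new_client_any": verify(records, ident, name, new_code, "any"),
        "new_client_all": verify(records, ident, name, new_code, "all"),
    }


if __name__ == "__main__":
    for case, ok in transition_demo().items():
        print("%-15s %s" % (case, "validates" if ok else "FAILS"))
```

Under the 'any' policy the old verifier keeps working while both records are published, so the digest can be rotated record by record; under the 'all' policy the old verifier fails the moment the new-digest record appears, which is the situation in which only a protocol change (a new record type, or a changed verifier rule) gets you out.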
