Russ,
Sorry, but what kind of options? Looking at my keyboard,
I can't tell whether you meant to type "available"
or "avoidable"...
--
Eric
--> -----Original Message-----
--> From: ietf-bounces(_at_)ietf(_dot_)org [mailto:ietf-bounces(_at_)ietf(_dot_)org]
--> On Behalf Of Russ Housley
--> Sent: Tuesday, November 29, 2005 5:08 PM
--> To: Sam Hartman
--> Cc: ietf(_at_)ietf(_dot_)org; smb(_at_)cs(_dot_)columbia(_dot_)edu
--> Subject: Re: DHCID and the use of MD5
-->
--> Sam:
-->
--> Perhaps I was being too terse. I think we are in agreement about the
--> most important parts. I was trying to say that once you are forced
--> to deploy new code, protocol changes and algorithm changes are both
--> avaioable options.
-->
--> Russ
-->
-->
--> At 12:51 PM 11/29/2005, Sam Hartman wrote:
--> > >>>>> "Russ" == Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
--> >
--> > Russ> At 11:44 AM 11/29/2005, Sam Hartman wrote:
--> > >> Honestly though the authors seem more upset about agility than
--> > >> about md5. I think we're certain we want agility.
--> >
--> > Russ> There are two kinds of algorithm agility:
--> > Russ> - build it into the protocol
--> > Russ> - update the protocol each time you want to use a new algorithm
--> >
--> >I disagree that you always have the second. In particular you may not
--> >have behavior that allows you to change the protocol. For example the
--> >SMIME verifier behavior of requiring all (instead of one) signature to
--> >validate makes the change the protocol approach harder.
--> >
--> >I think this is an example of a case where you don't have the second
--> >kind of agility without changing the protocol. In particular you need
--> >clients and hcp servers to expect there to be more than one record
--> >available.
--> >
--> > Russ> Everyone always has the second. The author already made an
--> > Russ> argument against the first, but others seem to be supporting
--> > Russ> the other form. I do not understand the impact on the
--> > Russ> current deployment. Do you?
--> >
--> >so, the deployed code will have to change somewhat already. They are
--> >currently using txt records; they will need to transition to this new
--> >RR.
--> >
--> >
--> >However the update behavior if you add agility is more complicated.
-->
-->
--> _______________________________________________
--> Ietf mailing list
--> Ietf(_at_)ietf(_dot_)org
--> https://www1.ietf.org/mailman/listinfo/ietf
-->