ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

comments on draft-turner-md4-to-historic-03

2010-09-01 10:47:10
from [Simon Josefsson] [Permanent Link] 
Thanks for this document.  Re RFC 2289 it says:

       o The initial One-Time Password systems, based on [RFC2289], 
        have ostensibly been replaced by HMAC based mechanism, as 
        specified in HOTP: An HMAC-Based One-Time Password Algorithm 
        [RFC4226].  [RFC4226] suggests following recommendations in 
        [RFC4086] for random input, and in [RFC4086] weakness of MD4 
        are discussed. 

This sounds as if we should deprecate RFC 2289, and recommend RFC 4226
instead.  However RFC 4226 is not on the standards track.  Should it be
advanced to the standard track?  HOTP doesn't have exactly the same
properties as S/KEY, but for practical purposes the are close enough.

/Simon
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • comments on draft-turner-md4-to-historic-03, Simon Josefsson <=
Previous by Date:  RE: IETF Attendance by continent, Ross Callon
Next by Date:  Re: IETF Attendance by continent, Marshall Eubanks
Previous by Thread:  Re: NAT behavior for IP ID field, Iljitsch van Beijnum
Next by Thread:  Re: Is this true?, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]