Hi,
where are we with regards to resolving this discuss?
Lars
On 2010-9-9, at 19:51, Roland Bless wrote:
Hi Russ,
On 09.09.2010 16:56, Russ Housley wrote:
Will any implementations be impacted? If not, we should ask the
Security ADs for their best suggestion.
At least we have one implementation, but it's nothing that
we couldn't change easily. So getting advice from the security
ADs would be good. RFC4270 recommends to change to
HMAC-SHA-256+, but I don't know whether there exist already better
alternatives.
Regards,
Roland
On 9/8/2010 7:24 PM, Roland Bless wrote:
-- section 4.1.1, 2nd paragraph:
Is HMAC-MD5 still a reasonable choice for a single mandatory-to-implement
algorithm these days?
Good question. I thought that HMACs are not so strongly
affected by the discovered hash algorithm weaknesses w.r.t. collision
attacks. I could change this to HMAC-SHA-256 though. Any
other suggestions?
_______________________________________________
Gen-art mailing list
Gen-art(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/gen-art
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf