ietf
[Top] [All Lists]

Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsis-nslp-auth-06

2010-09-20 09:09:41
Hi,

where are we with regards to resolving this discuss?

Lars

On 2010-9-9, at 19:51, Roland Bless wrote:

Hi Russ,

On 09.09.2010 16:56, Russ Housley wrote:
Will any implementations be impacted?  If not, we should ask the
Security ADs for their best suggestion.

At least we have one implementation, but it's nothing that
we couldn't change easily. So getting advice from the security
ADs would be good. RFC4270 recommends to change to
HMAC-SHA-256+, but I don't know whether there exist already better
alternatives.

Regards,
Roland

On 9/8/2010 7:24 PM, Roland Bless wrote:
-- section 4.1.1, 2nd paragraph:

Is HMAC-MD5 still a reasonable choice for a single mandatory-to-implement 
algorithm these days?
Good question. I thought that HMACs are not so strongly
affected by the discovered hash algorithm weaknesses w.r.t. collision
attacks. I could change this to HMAC-SHA-256 though. Any
other suggestions?


_______________________________________________
Gen-art mailing list
Gen-art(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/gen-art

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
<Prev in Thread] Current Thread [Next in Thread>