>>>>> "Lyndon" == Lyndon Nerenberg <lyndon@xxxxxxxxxx> writes:
Lyndon> Finally, we need to address the issue of the MD5 "break."
Lyndon> I have held off from commenting on this issue until the
Lyndon> community has seen explicit evidence of the attack, and
Lyndon> the implications of it. At this point, I don't know if the
Lyndon> document deserves a writeup on the attack. Theory abounds,
Lyndon> but I haven't yet seen a practical attack that works in
Lyndon> the general case. We should at the least make mention of
Lyndon> what has been discussed, and point to the literature, but
Lyndon> I don't think the document deserves to discuss all the
Lyndon> possible attacks. This doesn't mean to discourage anyone
Lyndon> from contributing text to the Security Considerations
Lyndon> section (please do).
The security area seems to believe that hmac-md5 is still OK, at least
for now. Especially since cram-md5 does not require much structure
for the challenge, we should discuss the issue in the security
considerations section.
Will you need agenda time at the next meeting? If so, can you give an
estimate of how much and what we want to cover?
Thanks,
--Sam
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf