Re: CRAMing for last call

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "Lyndon" == Lyndon Nerenberg <lyndon@xxxxxxxxxx> writes:

    Lyndon> Finally, we need to address the issue of the MD5 "break."
    Lyndon> I have held off from commenting on this issue until the
    Lyndon> community has seen explicit evidence of the attack, and
    Lyndon> the implications of it. At this point, I don't know if the
    Lyndon> document deserves a writeup on the attack. Theory abounds,
    Lyndon> but I haven't yet seen a practical attack that works in
    Lyndon> the general case. We should at the least make mention of
    Lyndon> what has been discussed, and point to the literature, but
    Lyndon> I don't think the document deserves to discuss all the
    Lyndon> possible attacks. This doesn't mean to discourage anyone
    Lyndon> from contributing text to the Security Considerations
    Lyndon> section (please do).

The security area seems to believe that hmac-md5 is still OK, at least
for now.  Especially since cram-md5 does not require much structure
for the challenge, we should discuss the issue in the security
considerations section.

Will you need agenda time at the next meeting?  If so, can you give an
estimate of how much and what we want to cover?

Thanks,

--Sam


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]