>>>>> "Simon" == Simon Josefsson <jas@xxxxxxxxxxx> writes:
Simon> "Kurt D. Zeilenga" <Kurt@xxxxxxxxxxxx> writes:
>> It is my recommendation that the mandatory-to-implement
>> "strong" authentication mechanism for this protocol be either:
>> DIGEST-MD5 (with a mandate that implementations support its
>> data security layers) TLS+PLAIN (with a recommendation that
>> PLAIN not be used when TLS is not in use).
Simon> I don't think recommending the DIGEST-MD5 security layers
Simon> is a good idea.
Simon> The integrity layer is hard coded to be HMAC-MD5, with keys
Simon> derived using a home-grown key-derivation function based on
Simon> MD5.
I think the key derivation function used by digest-md5 is sound given
reasonable assumptions. I am reasonably certain this is true under
the random oracle assumption but believe it may be true under weaker
assumptions.
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf