On Monday 28 November 2005 10:49, Steven M. Bellovin wrote:

> I confess that I don't see the problem.

The problem is that in order to do what Pekka is proposing, we have to make a substantial change to the protocol. This creates two problems.

First, it means that this protocol, which is in wide use, has been in wide use for more than five years, and the standard for which has been under development for ten years, will probably take another year to make standard, for this change alone. As it has many times before. This is a major language tweak, and will require substantial review.

Second, it renders implementations substantially more complicated, and creates a knob that administrators need to understand whether and how to turn, where no knob is needed. Additional knobs that aren't needed have a net negative impact on overall system security - the overall impact of the proposed change will be to reduce, not enhance, security.

I support the changes suggested by Havard that simply reduce the security claims being made here. I do not support making any substantive changes to the protocol at this point - to do so will simply delay it longer, and will not add any value.

The only reason I can think of for not using MD5 is that at some point people might want to be able to avoid having an MD5 implementation on their device because MD5 is generally deprecated. I don't think this is a practical concern - MD5 implementations are with us for the long haul, deprecated or not.