Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution of FQDN Conflicts among DHCP Clients' to Proposed Standard]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday 28 November 2005 10:49, Steven M. Bellovin wrote:
> I confess that I don't see the problem.

The problem is that in order to do what Pekka is proposing, we have to make a 
substantial change to the protocol.   This creates two problems: first, it 
means that this protocol, which is in wide use, has been in wide use for more 
than five years, the standard for which has been under development for ten 
years, will probably take another year to make standard, for this change 
alone.   As it has many times before.   This is a major language tweak, and 
will require substantial review.   Second, it renders implementations 
substantially more complicated, and creates a knob that administrators need 
to understand whether and how to turn, where no knob is needed.   Additional 
knobs that aren't needed have a net negative impact on overall system 
security - the overall impact of the proposed change will be to reduce, not 
enhance security.

I support the changes suggested by Havard that simply reduce the security 
claims being made here.   I do not support making any substantive changes to 
the protocol at this point - to do so will simply delay it longer, and will 
not add any value.   The only reason I can think of for not using MD5 is that 
at some point people might want to be able to avoid having an MD5 
implementation on their device because MD5 is generally deprecated.   I don't 
think this is a practical concern - MD5 implementations are with us for the 
long haul, deprecated or not.

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]