>>>>> "Mark" == Mark Stapp <mjs@xxxxxxxxx> writes:

    Mark> would such a clarification be "enough" to resolve your
    Mark> DISCUSS, Sam Hartman? that is, if it were clearer that we're
    Mark> only aiming for more difficult than not difficult at all -
    Mark> would that be sufficiently clear guidance to admins about
    Mark> what they should expect from this mechanism?

So, as I described in my response to Russ, I'm asking for three things:

1) algorithm agility

2) Remove the paragraph explaining why md5 is OK or provide a theoretical model under which we can reason about how good a hash is at keeping stuff private.

3) Use sha-1 or sha-256 instead of md5.

I feel very strongly about point 1. Unfortunately I think this is the point the working group most objects to. I understand the concerns about the complexity of the update process. However, I also know that security primitives are things that you need to replace from time to time. If you were using md5 because it had a relatively even distribution of outputs, you could probably convince me that you don't need a way to update it. However, even if weakly, you're using md5 for its cryptographic properties. Those can change over time, so you need a mechanism to react to those changes.

I suspect we can all agree that we need to either reword claims about security of cryptographic primitives so they are clearly true or remove those claims. So I don't think that we're going to have much of an issue with point 2.

I think there is room for discussion on point 3. I think sha-1 or sha-256 would be a better choice. I think that there is an argument that md5 is not so bad that it cannot be used. If the working group ends up responding that it would really like to use md5, I can go to the security community and see what people think there.

--Sam

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
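Point 1 of the message, algorithm agility, is the mechanism the thread argues over. As an added example that is not part of this message or of the draft under discussion, the following shows one way a protocol can prefix a hashed identifier with an algorithm code, so that a verifier can reject unknown or deprecated algorithms and re-issue old md5 records under sha-256 without a flag day. The one-byte codes, the deprecated set and the record layout are assumptions made for this example, not values from any RFC.

```python
import hashlib
import hmac

# Constructed registry for the example: code -> hashlib name.
# The codes are hypothetical; a real protocol would register them.
ALGORITHMS = {1: "md5", 2: "sha1", 3: "sha256"}
DEPRECATED = {1}        # codes a verifier should refuse by default
CURRENT_ALG = 3         # code used when issuing new records


def make_digest_record(identity: bytes, alg: int = CURRENT_ALG) -> bytes:
    """Build a record: one algorithm-code byte followed by digest(identity).

    Carrying the code in-band is what makes the hash replaceable later.
    """
    if alg not in ALGORITHMS:
        raise ValueError("unregistered algorithm code %d" % alg)
    return bytes([alg]) + hashlib.new(ALGORITHMS[alg], identity).digest()


def verify_digest_record(record: bytes, identity: bytes, allow_deprecated: bool = False):
    """Return (ok, reason). Unknown codes fail closed; deprecated codes fail
    unless the caller is explicitly running a migration."""
    if not record:
        return False, "empty record"
    alg = record[0]
    if alg not in ALGORITHMS:
        return False, "unknown algorithm code %d" % alg
    if alg in DEPRECATED and not allow_deprecated:
        return False, "algorithm %s is deprecated" % ALGORITHMS[alg]
    expected = hashlib.new(ALGORITHMS[alg], identity).digest()
    # Constant-time comparison so verification time does not leak digest bytes.
    ok = hmac.compare_digest(record[1:], expected)
    return ok, ("match" if ok else "mismatch")


def migrate_record(record: bytes, identity: bytes) -> bytes:
    """Re-issue a record under CURRENT_ALG, but only if the old record still
    verifies (deprecated algorithms are tolerated for this one step)."""
    ok, reason = verify_digest_record(record, identity, allow_deprecated=True)
    if not ok:
        raise ValueError("refusing to migrate: " + reason)
    return make_digest_record(identity, CURRENT_ALG)


if __name__ == "__main__":
    # Constructed sample identity; any byte string works.
    old = make_digest_record(b"client-id-example", alg=1)
    print(verify_digest_record(old, b"client-id-example"))      # deprecated
    print(verify_digest_record(migrate_record(old, b"client-id-example"), b"client-id-example"))
```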