Fwd: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

I think that Hank raises a very good question. There has been
a very active discussion of this on NANOG, both re SSL, BGP and in general.

Here is the original link:

<http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/>

Regards
Marshall

Begin forwarded message:

From: Hank Nussbacher <hank@xxxxxxxxxxxxxxx>
Date: January 4, 2009 2:22:06 AM EST
To: Mikael Abrahamsson <swmike@xxxxxxxxx>, "nanog@xxxxxxxxx" <nanog@xxxxxxxxx>
Subject: Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

At 06:44 PM 03-01-09 +0100, Mikael Abrahamsson wrote:
> On Sat, 3 Jan 2009, Hank Nussbacher wrote:
>
>> You mean like for BGP neighbors?  Wanna suggest an alternative? :-)
>
> Well, most likely MD5 is better than the alternative today which is to run no authentication/encryption at all.
>
> But we should push whoever is developing these standards to go for SHA-1 or equivalent instead of MD5 in the longer term.

Who is working on this?  I don't find anything here:
http://www.ietf.org/html.charters/idr-charter.html

All I can find is:
http://www.ietf.org/rfc/rfc2385.txt
http://www.ietf.org/rfc/rfc3562.txt
http://www.ietf.org/rfc/rfc4278.txt

Nothing on replacing MD5 for BGP.

-Hank



_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
