Hi Russ, On 09.09.2010 16:56, Russ Housley wrote: > Will any implementations be impacted? If not, we should ask the > Security ADs for their best suggestion. At least we have one implementation, but it's nothing that we couldn't change easily. So getting advice from the security ADs would be good. RFC4270 recommends to change to HMAC-SHA-256+, but I don't know whether there exist already better alternatives. Regards, Roland > On 9/8/2010 7:24 PM, Roland Bless wrote: >>> -- section 4.1.1, 2nd paragraph: >>>> >>>> Is HMAC-MD5 still a reasonable choice for a single mandatory-to-implement algorithm these days? >> Good question. I thought that HMACs are not so strongly >> affected by the discovered hash algorithm weaknesses w.r.t. collision >> attacks. I could change this to HMAC-SHA-256 though. Any >> other suggestions? >> _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf