Hi, where are we with regards to resolving this discuss? Lars On 2010-9-9, at 19:51, Roland Bless wrote: > Hi Russ, > > On 09.09.2010 16:56, Russ Housley wrote: >> Will any implementations be impacted? If not, we should ask the >> Security ADs for their best suggestion. > > At least we have one implementation, but it's nothing that > we couldn't change easily. So getting advice from the security > ADs would be good. RFC4270 recommends to change to > HMAC-SHA-256+, but I don't know whether there exist already better > alternatives. > > Regards, > Roland > >> On 9/8/2010 7:24 PM, Roland Bless wrote: >>>> -- section 4.1.1, 2nd paragraph: >>>>> >>>>> Is HMAC-MD5 still a reasonable choice for a single mandatory-to-implement algorithm these days? >>> Good question. I thought that HMACs are not so strongly >>> affected by the discovered hash algorithm weaknesses w.r.t. collision >>> attacks. I could change this to HMAC-SHA-256 though. Any >>> other suggestions? >>> > > _______________________________________________ > Gen-art mailing list > Gen-art@xxxxxxxx > https://www.ietf.org/mailman/listinfo/gen-art
<<attachment: smime.p7s>>
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf