In your previous mail you wrote: I think a published update to MD5 security considerations should clearly say what it's still fine to do with MD5, in addition to what it's not safe to do. This would mean adding a couple sentences, and that's about all it would really take to be clear on the issue: "Since RFC 1321 was published, MD5 found popular use in checksuming large file transfers. This use of MD5 is still reasonable, as the level of collision resistance is of less importance in this application and MD5 may be significantly more efficient than cryptographically stronger algorithms. Communications, networking, and storage systems prone to errors (e.g. due to faulty hardware, drivers, bit-errors, faulty NAT/ALG algorithms, etc) do not implement the known MD5 collision-finding algorithms, and MD5 remains highly effective at detecting such errors." => you are trying to amplify the practical issue so I can't see how it solves it (:-)... Regards Francis.Dupont@xxxxxxxxxx PS: BTW IMHO a dedicated function should be better than MD5 for this use, of course to reuse MD5 is easier (and I did it too :-). _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf