
RE: draft-jones-opsec-04 comments



On Fri, 26 Mar 2004, James Ko wrote:

> George,
>
> Not sure if this has been discussed before; if it has, sorry if I repeat
> the question again.
>
> In Section 2.2.2., you mention new protocols should not use MD5, but
> SHA-1.

Note that that's a quote from 3631, which is the IAB giving advice
for new protocols.  This is

>
> What is your view on existing routing protocols, such as OSPF, BGP, or LDP?
> What is the plan going forward?  Is there hope to retrofit these existing
> ones, or we envision IPsec will be the way of the future?  Comments
> anyone?

Try this rewording:

04>       Note that for *new protocols* [RFC3631] says the following:
04>      "Simple keyed hashes based on MD5 [RFC1321], such as that used
04>      in the BGP session security mechanism [RFC2385], are especially
04>      to be avoided in new protocols, given the hints of weakness in
04>      MD5."  While use of such hashes in deployed products and
04>      protocols is preferable to the complete lack of integrity and
04>      authentication checks, this document concurs with the
04>      recommendation that new products and protocols strongly consider
04>      alternatives.

Thanks,
George M. Jones    |  The down side is that in the mixed-up world of large
                   |  corporate bureaucracies we could be seen creative,
                   |  free thinking, intelligent, hard-working, individuals.
                   |      Alan Pitts