[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sterman Issue 7] Message Authenticator: Options

To: "'gwz@cisco.com'" <gwz@cisco.com>, Avi Lior <avi@bridgewatersystems.com>, radiusext@ops.ietf.org
Subject: RE: [Sterman Issue 7] Message Authenticator: Options
From: Avi Lior <avi@bridgewatersystems.com>
Date: Mon, 22 Nov 2004 16:44:56 -0500

Hi Glen,

If you allow HMAC-MD5 people will keep using it.  If HMAC-MD5 is an issue,
then in my opinion don't provide that option.

Besides folks already have Message-Authenticator that they can use. 


> -----Original Message-----
> From: Glen Zorn (gwz) [mailto:gwz@cisco.com] 
> Sent: Monday, November 22, 2004 4:37 PM
> To: 'Avi Lior'; radiusext@ops.ietf.org
> Subject: RE: [Sterman Issue 7] Message Authenticator: Options
> 
> 
> Avi Lior <> wrote:
> 
> > -Will keywrap be ready in time?
> > This is important but the authors feel that it is ready to go.
> > However, note that Keywrap allows Message-Authentication-Code to
> be
> > HMAC-MD5 isn't this a problem?
> 
> The use of HMAC-MD5 is optional and included just for ease of 
> transition.  It is _not_ required by the draft; if you like, 
> we can add text to the Security Considerations section 
> deprecating its use (or even remove it altogether -- I have 
> no problem with that).
> 
> > 
> > Your comments and opinion would be appreciated.
> > 
> > Avi
> 
> Hope this helps,
> 
> ~gwz
> 
> Why is it that most of the world's problems can't be solved by simply
>   listening to John Coltrane? -- Henry Gabriel
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Re: [Sterman Issue 7] Message Authenticator: Options
Next by Date: RE: [Sterman Issue 7] Message Authenticator: Options
Previous by thread: RE: [Sterman Issue 7] Message Authenticator: Options
Next by thread: RE: [Sterman Issue 7] Message Authenticator: Options
Index(es):
- Date
- Thread