The issue would be a whole lot easier to resolve if we had an agreed upon algorithm for the "non security" usages. CRC64 comes to mind.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP] Sent: Wednesday, December 08, 2010 12:08 PM To: Francis Dupont; [email protected] Cc: [email protected]; [email protected]; [email protected] Subject: RE: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC The logic doesn't make sense in this position. "Crypto modules can't use MD5, thus no protocols at all should use MD5." ________________________________________ From: [email protected] [[email protected]] On Behalf Of Francis Dupont [[email protected]] Sent: Wednesday, December 08, 2010 9:55 AM To: [email protected] Cc: [email protected]; [email protected]; [email protected] Subject: Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC I have a concern about no security usages of MD5 for practical reasons: in some environments, including US Gov, crypto implementations (e.g., FIPS 140-2 HSMs) are required to not support MD5 so you can have to choose between a compliant application and a conformant crypto, for instance for DNS TSIG... So IMHO it is still a good idea to avoid MD5 in any uses, even when it is still far to have been proved insecure or for an use which is not about security. This could be caught by the "DEPRECATED" keyword in the registry but this registry doesn't seem to have usage entries?! To conclude I am fine with the implicit conclusion of the I-D to not use MD5 or HMAC-MD5 in new protocols. Thanks [email protected] PS: I am the gen-art reviewer for this document too. _______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
