Sam Hartman wrote: > > I'm OK with this text. I tried to come up with a way to briefly discuss > how error detection is very related to things like protecting against > substitution of content (the internet mirror case) but failed to come up > with something brief. > So, I'm fine with what you have.
The use of MD5 _is_ a security problem in integrity protection scenarios. When used for checksums when mirroring sites, a "contributor" could precompute a collision for a file he contributed in order to perform an MITM attack on specific downloads (substituting a trojaned package with the same md5sum into the download while leaving the file on the Download servers clean. -Martin _______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
