Would a path forward be to do this?: 1) Change the algorithm in Section 2 to use HMAC.
2) Add a Section 2.1 that talks about extant implementation(s) that use only H, even though it's known to be attackable, because (reasons to tolerate the vulnerabilities that we've already given). _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
