I would recommend against suggesting MD5 as the hashing technology in a text to be used for future development. If necessary to describe the technology, I would recommend SHA-256 (SHA-2) or SHA-512. This would not have the same issues of collisions as MD5 currently does.
On Thu, Dec 5, 2013 at 8:55 PM, Melinda Shore <[email protected]> wrote:

> On 12/5/13 3:50 PM, ramki Krishnan wrote:
> >>>REQ2: (Page 8)
> > This should recommend some authorization mechanisms such as md5 checksum.
>
> I agree with your other suggestions, but 1) I don't think a
> requirements document should be making specific technology
> recommendations, and 2) md5 provides some assurances about
> message integrity, but really has nothing to say about
> policy. In rereading the requirement I think it's actually
> not as clear as it could be although I think its intent is
> absolutely correct. I'd probably change the text to something
> along the lines of:
>
> "Before accepting a control packet, the device receiving
> the packet MUST verify that the device sending the request
> is authorized to make that request. This is a policy
> decision."
>
> Melinda
>
> _______________________________________________
> nvo3 mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/nvo3
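The distinction drawn in the thread between message integrity and sender authorization, as an added example that is not part of the original messages or of any nvo3 document. It shows a receiver that first authenticates a control packet with HMAC-SHA-256 and then makes a separate policy decision; the device names, keys, request types and packet layout are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: device names, keys and request types are hypothetical.
DEVICE_KEYS = {"nve-1": b"k1-constructed-secret", "nve-2": b"k2-constructed-secret"}
POLICY = {"nve-1": {"map-update", "map-withdraw"}, "nve-2": {"map-query"}}


def make_packet(sender, request, key):
    """Build a control packet body and its HMAC-SHA-256 tag."""
    body = json.dumps({"sender": sender, "request": request}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def plain_digest_ok(body, digest):
    """Unkeyed hash check: anyone can recompute it, so it only detects corruption."""
    return hmac.compare_digest(hashlib.sha256(body).digest(), digest)


def accept(body, tag):
    """Return (accepted, reason): authenticate the sender, then apply policy."""
    try:
        msg = json.loads(body)
        sender, request = msg["sender"], msg["request"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if not isinstance(sender, str) or not isinstance(request, str):
        return False, "malformed"
    key = DEVICE_KEYS.get(sender)
    if key is None:
        return False, "unknown sender"
    # Keyed tag: proves the packet came from a holder of the sender's key.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad tag"
    # Policy decision: an authentic packet can still ask for something
    # this sender is not allowed to request.
    if request not in POLICY.get(sender, set()):
        return False, "not authorized"
    return True, "ok"


if __name__ == "__main__":
    print(accept(*make_packet("nve-1", "map-update", DEVICE_KEYS["nve-1"])))
    print(accept(*make_packet("nve-2", "map-update", DEVICE_KEYS["nve-2"])))
```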
