W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 1996

Digest Auth etc...

From: <hallam@ai.mit.edu>
Date: Thu, 19 Sep 96 13:48:04 -0400
Message-Id: <9609191748.AA01091@etna.ai.mit.edu>
To: jg@zorch.w3.org, w3c-dist-auth@w3.org
Cc: hallam@ai.mit.edu

The digest authentication spec allows for the use of multiple
digest algorithms. I was aware of the potential problems with
MD5 at the time the draft was revised.

In fact the Dobbertin attack on MD5 is not relevant to the use
of MD5 as a MAC since it is a known plaintext attack and in this
case the plaintext (ie key) is the only variable we every want 
to conceal.

It is possible to use both SHA-1 and HMAC with digest authentication.
I suspect however that HMAC will be superceeded before gaining
widespread use since HMAC represents more of a compromise between
the cryptographers and the IPSEC group who insisted that nothing
be done to the internals of MD5 in case something broke. I
would expect future proposals for hash functions to define 
specific MAC modes based on the internal compressor function 
itself (the thin that makes the hash secure), rather than the
compressor function and chaining function combined (which is
how MD5 is specified).

I don't think that it would be productive for the distributed
authoring group to consider security issues. If SSL proves
inadequate and S-HTTP does not provide a suitable replacement it
would be worthwhile stating the security requirements, but I would
not anticipate doing any security work on specify a protocol,
other groups will do that.


	Phill
Received on Thursday, 19 September 1996 13:43:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:41 GMT