Re: Draft WG charter

> We have been operating under the assumption that MD5 authentication would
> be sufficient for our needs -- if something better than MD5 comes along, we
> would hope we could use it.  Again, the draft should state this.

As long as you're restating the assumptions, I'll add my bit.

MD5 is not likely to survive much longer and therefore should be
considered inappropriate. Claims of being close to breaking it are
beginning to circulate, including predictions of that event happening
yet this year.

As for a suitable replacement, SHA (aka, SHA-1) seems to be the likely
candidate. There is also a hash out of Europe that seems to have the
right attributes (but alas, I can't remember the name).

AO
-- 
Alan O. Freier		Corporate Cynic
<freier@netscape.com>	(415) 937-3638 (work)

Received on Wednesday, 18 September 1996 13:23:05 UTC