- From: <hallam@ai.mit.edu>
- Date: Thu, 19 Sep 96 13:48:04 -0400
- To: jg@zorch.w3.org, w3c-dist-auth@w3.org
- Cc: hallam@ai.mit.edu
The digest authentication spec allows for the use of multiple digest algorithms. I was aware of the potential problems with MD5 at the time the draft was revised. In fact the Dobbertin attack on MD5 is not relevant to the use of MD5 as a MAC since it is a known plaintext attack and in this case the plaintext (i.e. key) is the only variable we ever want to conceal.

It is possible to use both SHA-1 and HMAC with digest authentication. I suspect however that HMAC will be superseded before gaining widespread use since HMAC represents more of a compromise between the cryptographers and the IPSEC group who insisted that nothing be done to the internals of MD5 in case something broke. I would expect future proposals for hash functions to define specific MAC modes based on the internal compressor function itself (the thing that makes the hash secure), rather than the compressor function and chaining function combined (which is how MD5 is specified).

I don't think that it would be productive for the distributed authoring group to consider security issues. If SSL proves inadequate and S-HTTP does not provide a suitable replacement it would be worthwhile stating the security requirements, but I would not anticipate doing any security work on specifying a protocol; other groups will do that.

Phill
Received on Thursday, 19 September 1996 13:43:37 UTC
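The point in the message about HMAC leaving the hash internals untouched can be seen directly in the construction: HMAC (RFC 2104) only ever calls the underlying hash as a black box, padding the key to the hash's block size and running two nested hash invocations with the `ipad`/`opad` constants. The following is an added illustration, not code from the message or from any W3C project; it hand-rolls HMAC over either MD5 or SHA-1 (both named in the message) and cross-checks the result against Python's standard `hmac` module. The function and variable names are the example's own.

```python
import hashlib
import hmac  # standard-library HMAC, used here only to cross-check the hand-rolled version

IPAD_BYTE = 0x36
OPAD_BYTE = 0x5C


def hmac_blackbox(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """HMAC as in RFC 2104, treating the hash purely as a black box.

    Nothing inside the compression function is touched: the key is only
    XOR-folded into the padding constants and fed through the hash twice.
    Works for any hashlib algorithm, e.g. "md5" or "sha1".
    """
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5 and SHA-1

    # Keys longer than one block are first reduced with the hash itself.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    # Shorter keys are zero-padded up to the block size.
    key = key.ljust(block_size, b"\x00")

    ipad = bytes(b ^ IPAD_BYTE for b in key)
    opad = bytes(b ^ OPAD_BYTE for b in key)

    inner = hashlib.new(hash_name, ipad + msg).digest()   # H((K ^ ipad) || msg)
    return hashlib.new(hash_name, opad + inner).digest()  # H((K ^ opad) || inner)


def matches_stdlib(hash_name: str, key: bytes, msg: bytes) -> bool:
    """True when the hand-rolled HMAC agrees with the standard library's."""
    expected = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(hmac_blackbox(hash_name, key, msg), expected)


def verify_tag(hash_name: str, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Verifier-side check; compare_digest avoids timing leaks on mismatch."""
    return hmac.compare_digest(hmac_blackbox(hash_name, key, msg), tag)


if __name__ == "__main__":
    # Constructed sample inputs (these are the RFC 2202 test-case-1 values).
    for name, key in (("md5", b"\x0b" * 16), ("sha1", b"\x0b" * 20)):
        tag = hmac_blackbox(name, key, b"Hi There")
        print(f"HMAC-{name.upper()}: {tag.hex()}  stdlib agrees: {matches_stdlib(name, key, b'Hi There')}")
```

Swapping `"md5"` for `"sha1"` changes nothing in the construction, which is exactly why HMAC was acceptable to a group that wanted the hash left alone; a MAC mode built on the compression function directly, as the message anticipates, would not have that property.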