[Fwd: Returned mail: Host unknown (Name server: w3.or: host not found)] from Alan Freier on 1996-09-19 (w3c-dist-auth@w3.org from July to September 1996)

Forwarded message 1

From: Mail Delivery Subsystem <MAILER-DAEMON@netscape.com>
Date: Thu, 19 Sep 1996 11:43:25 -0700
Subject: Returned mail: Host unknown (Name server: w3.or: host not found)
To: <freier@netscape.com>
Message-Id: <199609191843.LAA26068@cynic.mcom.com>

The original message was received at Thu, 19 Sep 1996 11:43:21 -0700
from localhost [127.0.0.1]

   ----- The following addresses had delivery problems -----
<w3c-dist-auth@w3.or>  (unrecoverable error)

   ----- Transcript of session follows -----
550 <w3c-dist-auth@w3.or>... Host unknown (Name server: w3.or: host not found)

   ----- Original message follows -----

Forwarded message 2

From: Alan Freier <freier@netscape.com>
Date: Thu, 19 Sep 1996 11:43:21 -0700
Subject: Re: Draft WG charter
To: w3c-dist-auth@w3.or
CC: jg@zorch.w3.org, Phil Karlton <karlton@netscape.com>
Message-ID: <32419448.1452@netscape.com>

Here's the definition of HMAC for those that are interested.

HMAC = <hash>(key XOR pad1 + <hash>(key XOR pad2 + data))

  replace <hash> with whatever (MD5, SHA, etc)
  pad1 and pad2 are well-known (ie, documented)

It's really just a combination of known items in such a way that the
security of the result does not rely on the <hash> involved having a
strong "collision intractable" property.

In my opinion, the pending downfall of MD5 is probably overplayed, and
its use in HMAC is perfectly acceptable. But those who play devil's
advocate roles in front of less enlightened audiences might use this
argument against emerging technologies. Fighting such mischief is a time
consuming hassle.

AO
-- 
Alan O. Freier		Corporate Cynic
<freier@netscape.com>	(415) 937-3638 (work)