"Donald E. Eastlake 3rd" <dee3@torque.pothole.com> writes: > >11. Section 7.1 -- Please remove all references to MD5. We should not be > >pushing the older potentially bad hash algorithms (after all MD2 is not here > >either). SHA1 will cover our needs until the AES hash algorithm comes along > > I'd be interested in others input on this point. MD5 was > traditionally the hash algorithm used in IETF protocols until SHA1 > came along. Are there examples of IETF protocols with SHA1 but > without MD5? I can't think of one off-hand, however, the newer TLS ciphersuites are SHA-1 only. In any case, I agree with Barbara and Jim. Dobbertin's made enough inroads into MD5 that I'd rather not see it endorsed. -Ekr -- [Eric Rescorla ekr@rtfm.com] PureTLS - free SSLv3/TLS software for Java http://www.rtfm.com/puretls/Received on Wednesday, 6 October 1999 01:39:36 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT