W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Comments on core-991001

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Thu, 07 Oct 1999 08:10:14 -0400
Message-Id: <199910071210.IAA06053@torque.pothole.com>
To: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
Well, no one has really spoken in favor of MD5.  If there are a number
of people opposed to including it as optional and no one really in favor,
the consensus is pretty clear.  :-)

Donald

From:  EKR <ekr@rtfm.com>
Resent-Date:  Wed, 6 Oct 1999 01:39:40 -0400 (EDT)
Resent-Message-Id:  <199910060539.BAA07233@www19.w3.org>
To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc:  "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
References:  <199910060437.AAA03772@torque.pothole.com>
Date:  05 Oct 1999 22:39:22 -0700
In-Reply-To:  "Donald E. Eastlake 3rd"'s message of "Wed, 06 Oct 1999 00:37:57 -0400"
Message-ID:  <kjyadhxd2t.fsf@romeo.rtfm.com>

>"Donald E. Eastlake 3rd" <dee3@torque.pothole.com> writes:
>> >11.  Section 7.1 -- Please remove all references to MD5.  We should not be
>> >pushing the older potentially bad hash algorithms (after all MD2 is not here
>> >either).  SHA1 will cover our needs until the AES hash algorithm comes along
>> 
>> I'd be interested in others input on this point.  MD5 was
>> traditionally the hash algorithm used in IETF protocols until SHA1
>> came along.  Are there examples of IETF protocols with SHA1 but
>> without MD5?
>I can't think of one off-hand, however, the newer TLS ciphersuites
>are SHA-1 only.
>
>In any case, I agree with Barbara and Jim. Dobbertin's made 
>enough inroads into MD5 that I'd rather not see it endorsed.
>
>-Ekr
>
>-- 
>[Eric Rescorla                                   ekr@rtfm.com]
>          PureTLS - free SSLv3/TLS software for Java
>                http://www.rtfm.com/puretls/
>
Received on Thursday, 7 October 1999 08:10:18 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT