[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Keyed-MD5, ITAR, and HTTP-NG
>For example, it's probably a real bad idea to replace DES with something
>commonly called RC4. The former has been under public scrutiny for years,
>the later still has not formally emerged from the shroud of trade secret.
>The keyed MD5 responses also don't inspire confidence.
I disagree. Basically Simon simply has to stick in some parameters so that
the crypto alg can change with time. There should be slots for the following
Symmetric cipher IDEA, RC4, 3DES
Keyed Digest KD* (paper to follow, there are 7 to chose from).
Key exchange Diffie-Helleman, El Gammal, RSA
Signature RSA, El Gammal, Rabin (Shamir variation), DSS
Hash functions MD5, SHA
I don't think that we are intending to tap Simons skill in designing
ciphers. We have Ron Rivest and Taher El Gamal for that, plus help from
Adi Shamir and if we get stuck I'll bang on some other doors. I really don't
think we have a problem lacking cryptographers. Simon is putting in security
input which is different. We have an equally star studded cast for that side of
things (and if we get stuck I'll e-mail some more characters).