[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Keyed-MD5, ITAR, and HTTP-NG
>A keyed version of MD5 is the base authentication mechanism in IPSP
>and it has been heavily examined by a number of very good
>cryptographers.
Yes we reviewed it and said that it sucked.
Phil wrote a note to Ron and Ron sent in a series of comments. I suggested that
the idea of a keyed digest be stated as a separate concept from a hash function.
Functions of one variable are intrinsically different from functions of two
variables.
The sequence of events I heard was that they asked Burt Kaliski for a suggestion,
he gave them one and they chose something different.
>Isn't this what the GSS-API is about? Couldn't HTTP-NG just convey GSS
>"tokens", and do something about getting both sides to agree on which GSS
>"mechanism" is to be used, and on what Principals are involved?
GSS is often brought up on occasions like this. I have never seen an architectural
overview of what it is trying to achieve for me or how. When I am provided
with a clear definition of what it is I hope to arrive at a clear explanation
of why I'm not using it. Unfortunately the RFC process strips the rationale
part out of the specs.
Phill