From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Thu, 2 Nov 1995 08:15:16 +0800
To: perry@piermont.com
Subject: Re: Keyed-MD5, and HTTP-NG
Message-ID: <9510018152.AA815258328@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry,
        I personally spoke to Bill Simpson about this problem.  I should have
given you a phone call or email in addition to speaking to Bill.  In my
opinion this problem does not at all reflect on your skills or reputation.
What it signifies to me is the poor state of cryptographic engineering.
If anything, it points out the wisdom of the IPsec designers in requiring
that key material have a limited lifetime.  A wise engineering choice like
this protects the system against many different kinds of attacks.  Of course,
the protocol implementors often omit "details" like key lifetime limits.
In fact, 17 years ago when I wrote a TCP/IP stack for the Xerox Alto I left
out several "details", which of course caused lots of problems when I
did interoperability testing with a mainframe (Multics).
                --Bob


______________________________ Reply Separator _________________________________

On 11/1/95 10:20 AM, perry@piermont.com worte:

> There were two names on the MD5 document -- mine and Bill
> Simpson's. Bill didn't tell me that he was called (I suspect he 
> would have), and I wasn't called, either. We were the only two 
> editors of that portion of the specification.
> 
> Given that my name was on that document and that I made a large effort to 
> try to make sure that people examined the algorithms and thought they were 
> good, and that I have some of my reputation tied to that document, I am 
> rather unhappy at the fact that I only find out third hand about what people 
> in the field have determined about our selected algorithm.