1995-10-31 - Re: Keyed-MD5, ITAR, and HTTP-NG

Header Data

From: hallam@w3.org
To: Rich Salz <cypherpunks@toad.com
Message Hash: add0007da78675040545dd4995f3abaaf5ac9330820f97b6bdfe0bac7cdbae6a
Message ID: <9510310427.AA28252@zorch.w3.org>
Reply To: <9510310330.AA08343@sulphur.osf.org>
UTC Datetime: 1995-10-31 04:54:37 UTC
Raw Date: Tue, 31 Oct 1995 12:54:37 +0800

Raw message

From: hallam@w3.org
Date: Tue, 31 Oct 1995 12:54:37 +0800
To: Rich Salz <cypherpunks@toad.com
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
In-Reply-To: <9510310330.AA08343@sulphur.osf.org>
Message-ID: <9510310427.AA28252@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>For example, it's probably a real bad idea to replace DES with something
>commonly called RC4.  The former has been under public scrutiny for years,
>the later still has not formally emerged from the shroud of trade secret.
>The keyed MD5 responses also don't inspire confidence.

I disagree. Basically Simon simply has to stick in some parameters so that
the crypto alg can change with time. There should be slots for the following 
algs :-

Symmetric cipher	IDEA, RC4, 3DES
Keyed Digest		KD* (paper to follow, there are 7 to chose from).

Key exchange		Diffie-Helleman, El Gammal, RSA
Signature		RSA, El Gammal, Rabin (Shamir variation), DSS
Hash functions		MD5, SHA

I don't think that we are intending to tap Simons skill in designing 
ciphers. We have Ron Rivest and Taher El Gamal for that, plus help from
Adi Shamir and if we get stuck I'll bang on some other doors. I really don't 
think we have a problem lacking cryptographers. Simon is putting in security 
input which is different. We have an equally star studded cast for that side of 
things (and if we get stuck I'll e-mail some more characters).

	Phill





Thread