From: “Perry E. Metzger” <perry@piermont.com>
To: hallam@w3.org
Message Hash: 46b5fcadbfe1b226e855cc43498e583f34b13868ca179c75df921bedaefb916e
Message ID: <199511011359.IAA01892@jekyll.piermont.com>
Reply To: <9510312015.AA00768@zorch.w3.org>
UTC Datetime: 1995-11-01 14:25:17 UTC
Raw Date: Wed, 1 Nov 1995 22:25:17 +0800
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 Nov 1995 22:25:17 +0800
To: hallam@w3.org
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
In-Reply-To: <9510312015.AA00768@zorch.w3.org>
Message-ID: <199511011359.IAA01892@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
hallam@w3.org writes:
>
> >A keyed version of MD5 is the base authentication mechanism in IPSP
> >and it has been heavily examined by a number of very good
> >cryptographers.
>
> Yes we reviewed it and said that it sucked.
>
> Phil wrote a note to Ron and Ron sent in a series of comments.
Phil was complaining largely because in spite of his apparent
cryptography credentials he's a lughead who can't have been bothered
to understand the architecture -- most of his comments reflected a
general ignorance of the process and of the discussions that had
preceeded. He also complained that the transforms weren't sufficiently
generic for his tastes. However, no complaints AT ALL were made about
Hugo's selection of cryptographic transform. We were assured by
everyone that it was the right thing to do, with people swearing up
and down that it was the appropriate idea. Do you want me to extract
the mailing list archives? Every last posting on this topic is on
line.
> The sequence of events I heard was that they asked Burt Kaliski for
> a suggestion, he gave them one and they chose something different.
Actually, Kaliski made an off-the-cuff suggestion that all the other
crypto folks ripped apart, largely because it was obvious even to me
how it could be attacked, and then he backed off.
Perry
Return to November 1995
Return to “Simon Spero <ses@tipper.oit.unc.edu>”