The only reason it is here is that it was what was called out for
this job in 3261.
So - Give me an alternative.
RjS
On Oct 3, 2006, at 4:35 PM, Cullen Jennings wrote:
On Oct 3, 2006, at 12:52 PM, Robert Sparks wrote:
I take it you are explicitly objecting to the statement that MD5
is a reasonable non-normatively specified choice?
You have also clearly objected to 128 as a suggestion (The text
does NOT mandate a length).
RjS
Yes - MD5 is a cryptographic hash and I thought we all agreed that
use off cryptographic hash was not the best choice. If we think
cryptographic hash ideas are a good idea, then we need to explain
why.
Using a cryptographic hash, even in an example, is a huge red flag
for any security person reviewing this. The fact that we used this
particular one which has significant security issues, is a even
bigger issue. Partially I think MD5 is totally lame to use here
because it is slow and offer no advantages over better things and
partially I am trying to avoid any delays due to security review
where someone points out we should not be using MD5 in new
protocols. If the we can't figure out a reasonable hash to
suggest, how should an implementer figure out what to use. I've
been trying to say, I don't care what but don't choose a
cryptographic one. If people have a good reason for wanting MD5,
I'm glad to listen but I just had not heard the reason yet.