Changes Specified by Draft Current draft standardizes added HMAC algorithm FQDN syntax “TLDs” for all SHAs as follows: SHA1., SHA224., SHA256., SHA384., SHA512. Recommends implementation of SHA1 and 96 bit truncated SHA1, other new algorithms optional, HMAC-MD5 remains the only mandatory algorithm. Proposes to support truncation specified in algorithm name as in “96.SHA1.” This is a bad idea as this is only needed for MACs of a non-integral number of octets. Can use the TSIG MAC length field for truncation control. What do current implementations do if MAC length field is “wrong”? |