[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: draft-jones-opsec-04 comments
On Fri, 26 Mar 2004, James Ko wrote:
> Not sure if this has been discussed before, if it does - sorry if I repeat
> the question again.
> In Section 2.2.2., you mention new protocols should not use MD5, but
Note that that's a quote from 3631 which the IAB giving advice
for new protocols. This is
> What is your view on existing routing protocols, such as OSPF, BGP, or LDP?
> What is the plan going forward? Is there hope to retrofit these existing
> ones, or we envision IPsec will be the way of the future? Comments
Try this rewording:
04> Note that for *new protocols* [RFC3631] says the following:
04> "Simple keyed hashes based on MD5 [RFC1321], such as that used
04> in the BGP session security mechanism [RFC2385], are especially
04> to be avoided in new protocols, given the hints of weakness in
04> MD5." While use of such hashes in deployed products and
04> protocols is preferable the complete lack of integrity and
04> authentication checks, this document concurs with the
04> recommendation that new products and protocols strongly consider
George M. Jones | The down side is that in the mixed-up world of large
| corporate bureaucracies we could be seen creative,
| free thinking, intelligent, hard-working, individuals.
| Alan Pitts