RE: draft-ietf-rap-rsvp-authsession documents
> -----Original Message-----
> From: Louis-Nicolas Hamer [mailto:nhamer@nortelnetworks.com]
> > -----Original Message-----
> > From: Wijnen, Bert (Bert) [mailto:bwijnen@lucent.com]
> > Sent: Monday, August 05, 2002 7:11 AM
> > To: Rap-wg (E-mail)
> > Subject: RE: draft-ietf-rap-rsvp-authsession documents
> > >
> > > Be more explicit about what HMAC-MD5-96 means -- I don't believe that
> > > that string is defined in 2104. Why truncate to 96 bits?
>
> I simply followed what was specified in the COPS RFC (rfc 2748 SECTION
> 2.2.16) to encourage re-use of what has been specified already. But, as
> you suggest in the text below, I am fine with 16 bytes.
[Dave] COPS RFC truncates the HMAC-MD5 because a full precision 16 byte HMAC
opens the system up to attacks. It is recommended to truncate to some subset
of the bits. See 2104 section 5. Note also that the HMAC-MD5-XX string
convention is indeed introduced in RFC 2104 section 5!
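
The HMAC-H-t naming from RFC 2104 section 5 that this message refers to, worked through as an added example (not part of the original e-mail or of either draft). The function names are hypothetical, whole-byte tag lengths are an assumption of the example, and the key and message are the published RFC 2202 HMAC-MD5 test case 1.

```python
import hashlib
import hmac
import re

# RFC 2104 section 5 notation: HMAC-H-t is HMAC over hash H, leftmost t bits kept.
_NAME = re.compile(r"^HMAC-([A-Za-z0-9]+)-(\d+)$")


def parse_name(name):
    """Return (hash_name, tag_len_bytes) for a string such as 'HMAC-MD5-96'."""
    m = _NAME.match(name)
    if m is None:
        raise ValueError("not in HMAC-H-t form: %r" % name)
    algo, t_bits = m.group(1).lower(), int(m.group(2))
    full_bits = hashlib.new(algo).digest_size * 8  # ValueError if hash unknown
    if t_bits % 8:
        # Assumption of this example: only whole-byte tag lengths are handled.
        raise ValueError("t must be a multiple of 8 bits")
    if t_bits > full_bits:
        raise ValueError("t exceeds the hash output length")
    # RFC 2104 section 5 recommendation: t >= half the hash output, and t >= 80.
    if t_bits < max(80, full_bits // 2):
        raise ValueError("t is below the RFC 2104 recommended minimum")
    return algo, t_bits // 8


def tag(name, key, msg):
    """Compute the HMAC and keep only the leftmost t bits."""
    algo, n = parse_name(name)
    return hmac.new(key, msg, algo).digest()[:n]


def verify(name, key, msg, received):
    """Constant-time check; a tag of any other length (e.g. untruncated) fails."""
    return hmac.compare_digest(tag(name, key, msg), received)


# RFC 2202 HMAC-MD5 test case 1 (published test key, not a secret).
KEY = b"\x0b" * 16
MSG = b"Hi There"

if __name__ == "__main__":
    t = tag("HMAC-MD5-96", KEY, MSG)
    print(t.hex(), verify("HMAC-MD5-96", KEY, MSG, t))
```
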