[18674] in cryptography@c2.net mail archive
Re: [saag] status of SSL vs SHA-1/MD-5, etc.?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Oct 16 14:33:17 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Alex Alten <alex@alten.org>, cryptography@metzdowd.com,
cfrg@ietf.org, saag@mit.edu
In-Reply-To: Your message of "Sun, 16 Oct 2005 17:07:22 BST."
<43527ABA.9040303@algroup.co.uk>
Date: Sun, 16 Oct 2005 14:24:55 -0400
In message <43527ABA.9040303@algroup.co.uk>, Ben Laurie writes:
>Steven M. Bellovin wrote:
>> As Eric Rescorla and I showed, though, none of the network protocols
>> are ready for deployment of a new hash function. That is, newer
>> versions of OpenSSL support may SHA-256, but there's no way to
>> negotiate such usage if you don't know the status of the system to
>> which you're talking.
>
>None of the ones you looked at you mean - your survey wasn't comprehensive.
>
No, it wasn't comprehensive, but we looked at the major IETF protocols.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
