On 2/22/2010 8:46 PM, Doug Barton wrote:
On 02/22/10 11:59, Evan Hunt wrote:
Note that RFC 5155 takes the time to put the issue to rest not once but
twice:
I am on the fence regarding the necessity of mentioning the hash
collision issue in 4641bis. While other potential security concerns are
not directly relevant to the topic, this one is (in spite of the fact
that the possibility of a useful collision is unimaginably small).
My thoughts are sort of leaning in the direction that a very brief
mention of the issue combined with a reference to what Evan quoted in
5155 (which seems to handle the issue well) is probably the right
direction to go.
Doug the real issue here is that there is no standard - and any IETF
initiative may or may not include content like this meaning its up to
the WG as to whether they produce documents that are uniform or
documents which make it harder to rely on IETF standards. Why this is
important is consistency - something the IETF has very little of except
in its massively uncoordinated number of voices all screaming they dont
and wont be accountable for the damage their actions cause.
Sorry folks - but disclosure is the rule - so something about the
potential hash collision needs to be in the document and there are
liability issues for the people and their sponsor's involved who vote to
keep these types of key factor's out of the work products because they
dont want their documents soiled by 'statements that the lifetime of the
Intellectual Property is limited' which is what putting anything about
why the thing may not work does IMHO.
Todd Glassey
Doug
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.435 / Virus Database: 271.1.1/2704 - Release Date: 02/22/10
19:34:00
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop