In your previous mail you wrote:

   First, changing the algorithm will not affect interoperability. The generation of the IID is local to each node.

=> so the change should not be a problem if it is justified.

   Second, we are attempting to move this document from PS to DS, so making a gratuitous change to the hash algorithm is not usually favored.

=> the argument is that MD5 is/shall not be available by default. I suggest giving it to the security area directors for advice.

   In addition, will we change it again when a newer algorithm comes along?

=> your proposal is a nice answer.

   Perhaps an alternative, if people feel a need to move away from MD5, would be to not specify a single hash, but rather give a list of possible hashes. And an informative pointer to RFC 1750 would help with this direction.

=> this seems a wonderful idea!

Thanks

[EMAIL PROTECTED]

PS: draft-ietf-ipsec-esp-ah-algorithms-02.txt changes MD5-based algo requirement levels from MUST to MAY so the argument about MD5 seems to be right.