> So I've been thinking a little about this. First, I do not > know of any practical md5 preimage attacks so far, however, > if we allow tcp-md5 in this spec, we're effectively betting > that that will remain the case for a few years at least and > that's not a bet with which I'd be happy when we do have > stronger options that are already specified.
let me try again. while i agree with you philosophically, packets do not move very well on 'specified.' and unless someone throws a lot of cash at it, AO looks as if is likely not to be available for a long on the set of platforms operators use for services, *BSD, Linux, and Solaris. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
