Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
draft-turner-md5-seccon-update-08
Yes
(Alexey Melnikov)
(Peter Saint-Andre)
No Objection
(Adrian Farrel)
(Robert Sparks)
(Ron Bonica)
(Stewart Bryant)
(Tim Polk)
Recuse
(Sean Turner)
Note: This ballot was opened for revision 08 and is now closed.
Alexey Melnikov Former IESG member
Yes
Yes
()
Unknown
Peter Saint-Andre Former IESG member
Yes
Yes
()
Unknown
Russ Housley Former IESG member
Yes
Yes
(2011-01-05)
Unknown
I think this documnet would be more useful to people trying to choose an algorithm if Section 2 were structured to present the conclusions at the beginning, and then provide the details in the susbsections. I suggest: MD5 was published in 1992 as an Informational RFC. Since that time, MD5 has been extensively studied and new cryptographic attacks have been discovered. Message digest algorithms are designed to provide collision, pre-image, and second pre-image resistance. In addition, message digest algorithms are used with a shared secret value for message authentication in HMAC, and in this context, some people may find the guidance for key lengths and algorithm strengths in [SP800-57] and [SP800-131] useful. MD5 is no longer acceptable where collision resistance is required such as digital signatures. It is not urgent to stop using MD5 in other ways, such as HMAC-MD5; however, since MD5 must not be used for digital signatures, new protocol designs should not employ HMAC-MD5. Alternatives to HMAC-MD5 include HMAC-SHA256 [HMAC][HMAC-SHA256] and [AES-CMAC] when AES is more readily available than a hash function.
Adrian Farrel Former IESG member
No Objection
No Objection
()
Unknown
Robert Sparks Former IESG member
No Objection
No Objection
()
Unknown
Ron Bonica Former IESG member
No Objection
No Objection
()
Unknown
Stewart Bryant Former IESG member
No Objection
No Objection
()
Unknown
Tim Polk Former IESG member
No Objection
No Objection
()
Unknown
Sean Turner Former IESG member
Recuse
Recuse
()
Unknown