[BXXPwg] SUMMARY: Why to use DIGEST-MD5 in syslog-reliable

Rich Salz rsalz@caveosystems.com
Sat, 16 Dec 2000 09:42:00 -0500

> I'll try to summarize why DIGEST-MD5 was chosen as mandatory to
> implement by several protocols.

This may be completely out of context; if so, I apologize.

There are security issues with MD5, such that the IETF security WG wants
SHA-1, and MD-5 deprecated.  Unless there is a substantial installed base, it
would probably be better to write a quick RFC that says "use XXX but replace
MD5 with SHA-1" and use that as the mandatory mechanism.