[BXXPwg] SUMMARY: Why to use DIGEST-MD5 in syslog-reliable

Marshall T. Rose mrose+mtr.netnews@dbc.mtview.ca.us
Sat, 16 Dec 2000 07:45:44 -0800


err, could we please remove the BEEP mailing list from future traffic on
this thread?

BEEP doesn't care which SASL mechanism you use, it makes them all available;
obviously SYSLOG does care, so it can be discussed on that mailing list.

/mtr

ps: helpful hint -- do not reply to this message.

----- Original Message -----
From: "Rich Salz" <rsalz@caveosystems.com>
To: "Alexey Melnikov" <mel@messagingdirect.com>
Cc: "Syslog Mailing List" <syslog-sec@employees.org>; "BEEP Mailing List"
<bxxpwg@invisible.net>
Sent: Saturday, December 16, 2000 06:42
Subject: Re: [BXXPwg] SUMMARY: Why to use DIGEST-MD5 in syslog-reliable


> > I'll try to summarize why DIGEST-MD5 was chosen as mandatory to
> > implement by several protocols.
>
> This may be completely out of context; if so, I apologize.
>
> There are security issues with MD5, such that the IETF security WG wants
> SHA-1, and MD-5 deprecated.  Unless there is a substantial installed base,
it
> would probably be better to write a quick RFC that says "use XXX but
replace
> MD5 with SHA-1" and use that as the mandatory mechanism.
> /r$
>
> _______________________________________________
> BXXPwg mailing list
> BXXPwg@lists.invisible.net
> http://lists.invisible.net/mailman/listinfo/bxxpwg
>