| Re: Issue 152: Need crypto protocol agility | <– Date –> <– Thread –> |
From: Pat Calhoun (pacalhou) (pcalhoun cisco.com)
|
|
| Date: Thu, 31 Jul 2008 10:15:09 -0700 (PDT) | |
Works for me. Made the change. Thanks! PatC -----Original Message----- From: Pasi.Eronen [at] nokia.com [mailto:Pasi.Eronen [at] nokia.com] Sent: Thursday, July 31, 2008 3:25 AM To: Pat Calhoun (pacalhou); nathan.williams [at] thingmagic.com Cc: margaret [at] thingmagic.com; capwap [at] frascone.com Subject: RE: [Capwap] Issue 152: Need crypto protocol agility The text could also mention how the image is protected (if it's not MD5), and reverse the order of explanation. Something like this maybe? "The authenticity and integrity of the image file is protected by DTLS, and in this context, MD5 is not used as a cryptographically secure hash, but just as a basic checksum. Therefore, the use of MD5 is not considered a security vulnerability, and no mechanisms for algorithm agility are provided." Best regards, Pasi > -----Original Message----- > From: ext Pat Calhoun (pacalhou) [mailto:pcalhoun [at] cisco.com] > Sent: 31 July, 2008 01:00 > To: Nathan J. Williams > Cc: Eronen Pasi (Nokia-NRC/Helsinki); Margaret Wasserman; > capwap [at] frascone.com > Subject: RE: [Capwap] Issue 152: Need crypto protocol agility > > Oh right. Making sure that everyone is awake ;-) > > PatC > > -----Original Message----- > From: Nathan J. Williams [mailto:nathan.williams [at] thingmagic.com] > Sent: Wednesday, July 30, 2008 2:18 PM > To: Pat Calhoun (pacalhou) > Cc: Pasi.Eronen [at] nokia.com; Margaret Wasserman; capwap [at] frascone.com > Subject: Re: [Capwap] Issue 152: Need crypto protocol agility > > "Pat Calhoun (pacalhou)" <pcalhoun [at] cisco.com> writes: > > > 12.1.5. Use of MD5 > > > > The Image Information Section 4.6.29) message element > makes use of > > MD5 to compute the hash field. It is important to note that in > order > > to preserve interoperability with existing CAPWAP > implementations, > it > > was decided to not provide protocol agility. That said, > it is also > > important to note that the use of MD5 in this context is > to create > > a > ^^^ > not > > > cryptographically secure hash, but instead to provide a basic > > checksum value. Therefore, the use of MD5 is not considered a > > security vulnerability. > > </text> > > Right? > > - Nathan >
- Re: Issue 152: Need crypto protocol agility, (continued)
- Re: Issue 152: Need crypto protocol agility Pat Calhoun (pacalhou), July 30 2008
- Re: Issue 152: Need crypto protocol agility Nathan J. Williams, July 30 2008
- Re: Issue 152: Need crypto protocol agility Pat Calhoun (pacalhou), July 30 2008
- Re: Issue 152: Need crypto protocol agility Pasi.Eronen, July 31 2008
- Re: Issue 152: Need crypto protocol agility Pat Calhoun (pacalhou), July 31 2008
- Re: Issue 152: Need crypto protocol agility David B. Nelson, July 30 2008
Results generated by Tiger Technologies using MHonArc.