IETF-SSH archive


Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg



On Thu, 7 Nov 2002, Jakob Schlyter wrote:

> On Thu, 7 Nov 2002, Darren J Moffat wrote:
> 
> > The only digest algorithm listed is SHA1. I think this is inconsistent with
> > draft-ietf-secsh-fingerprint-01.txt (expired) which specified MD5 as
> > the fingerprint digest algorithm.
> 
> Yes, that is intentional - I cannot see any reason for using MD5.

Wouldn't backwards compatibility be better served by requiring SHA1 and
additionally recommending MD5 be provided?  Better to allow users to check 
key fingerprints using a slightly less secure algorithm than prevent them 
from checking key fingerprints against servers who aren't yet up to date 
with the latest and greatest, no?

-- 
Jon Bright
Lead Programmer, Silicon Circus Ltd.
http://www.siliconcircus.com



