Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg

To: Jakob Schlyter <jakob%crt.se@localhost>
Subject: Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg
From: jon%siliconcircus.com@localhost
Date: Thu, 7 Nov 2002 16:37:43 +0100 (CET)

On Thu, 7 Nov 2002, Jakob Schlyter wrote:

> On Thu, 7 Nov 2002, Darren J Moffat wrote:
> 
> > The only digest algorithm listed is SHA1. I think this is inconsistant with
> > draft-ietf-secsh-fingerprint-01.txt (expired) which specified MD5 as
> > the fingerprint digest algorithm.
> 
> yes, that is intentional - I can not see any reason for using md5.

Wouldn't backwards compatibility be better served by requiring SHA1 and
additionally recommending MD5 be provided?  Better to allow users to check 
key fingerprints using a slightly less secure algorithm than prevent them 
from checking key fingerprints against servers who aren't yet up to date 
with the latest and greatest, no?

-- 
Jon Bright
Lead Programmer, Silicon Circus Ltd.
http://www.siliconcircus.com

Follow-Ups:
- Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg
  - From: Jakob Schlyter

References:
- Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg
  - From: Jakob Schlyter

Prev by Date: Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg
Next by Date: Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg
Previous by Thread: Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg
Next by Thread: Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg
Indexes:

Home | Main Index | Thread Index | Old Index