ok, so this is "mission creep", but from looking through the other
expired drafts, it occurred to me that maybe the right thing to do with
the expired (and tiny) draft-ietf-secsh-fingerprint-01.txt is to fold
its content into this draft.
http://tools.ietf.org/wg/secsh/draft-ietf-secsh-fingerprint/draft-ietf-secsh-fingerprint-01.txt
though, given the current status of MD5 we need to defend its use in a
security considerations section.
we should note that (1) use of MD5 in this form is documents existing
practice, (2) the MD5 property which we rely on is 2nd-preimage
resistance, not collision-resistance.
thoughts?