[e2e] Re: [Tsvwg] Really End-to-end or CRC vs everything else?
Jonathan Stone
jonathan at DSG.Stanford.EDU
Fri May 25 14:50:45 PDT 2001
In message <20010525212300.A8F062A4B at orchard.arlington.ma.us>Bill Sommerfeld wr
ites
>> [... md5 as an error-check function to defeat would-be middleboxers...]
>>
>> If you put that in the transport layer, won't that makes communication
>> without a shared-secret impossible? At least without using some other
>> transport protocol, to bootstrap a D-H or SPEKE or other initial key
>> exchange.
>
>md5 is an unkeyed function, just like the CRC or internet checksum.
>
>hmac-md5 is a keyed function built out of md5 (it's one of two MAC
>functions used with IPsec). [...]
Yes, I know. David Reed was explicitly suggesting md5 *with* a
shared-secret (like hmac-md5) as an e2e integrity check in order to
detect middle-boxes. Using shared secrets at the transport protocol
needs way -- perhaps unekeyed md5? -- to bootstrap the conversation.
I hope just aying "md5" while referring to shared-secrets didn't
cause confusion.
More information about the end2end-interest
mailing list