NTS client configuration support has landed
Hal Murray
hmurray at megapathdsl.net
Sat Feb 2 08:34:44 UTC 2019

Eric said:
> I have added a note about MD-5 and SHA-1 being rather broken at this point,
> and a warning that MAC authentication may be removed in a future release.

What's wrong with MAC authentication when used with a good algorithm? Is the
security any worse than NTS?

I think we should support it, loud and clear. It's a good backup in case
anybody finds problems with TLS or an admin doesn't want the clutter of an
NTS-KE server and certificates.

Actually, we should move it to an extension so we can phase out the old mode.

I'd be happy to reject MD5 and SHA1. The current code supports any algorithm
that libcrypto supports. attic/digest-find will list a bunch of them.

--
These are my opinions. I hate spam.