[db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database

>The community has so far decided that it is quite happy with the MD5
>disclosure on the web site. If you want to create a policy proposal to
>change this then please go ahead.

Well, I would be honored but I think creating a policy that would fit the
intended goals is out of my comptency domains. I am afraid, I am just a
professional penetration tester, not a senior manager.
However, it seems David have drafted one or two , maybe should I help by
just reviewing the final policy proposal ?

Regards,

Damien

On Wed, Nov 9, 2011 at 3:38 PM, David Freedman
<david.freedman at uk.clara.net>wrote:

> I have already submitted a pair of policy proposals to the db-wg chairs,
> am awaiting their response.
>
> Dave.
>
>
> On 09/11/2011 14:35, "Nigel Titley" <nigel at titley.com> wrote:
>
> >On Wed, 2011-11-09 at 10:55 +0100, virtu virtualabs wrote:
> >> So it is up to the community to move from MD5 authentication to
> >> stronger authentication methods ? No preventive steps would be taken
> >> to avoid MD5 hashes disclosure on the RIPE website ?
> >
> >The community has so far decided that it is quite happy with the MD5
> >disclosure on the web site. If you want to create a policy proposal to
> >change this then please go ahead. I suggest you raise it on this list
> >first of all, then if you see a degree of support enlist the help of the
> >RIPE NCC in creating the proposal (Emilio is the policy officer and will
> >be delighted to help).
> >
> >All the best
> >
> >Nigel
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/db-wg/attachments/20111109/3cd08c29/attachment.html>