|>I don't see how this proposal fixes this problem. It requires MD5 which
|>will require a license from RSA. How does this not fall into your class
|>2 space? As long as I am in that space, I would much prefer a protocol
|>which has been widely adopted by the financial community (e.g. SSL).
Nope, MD5 is a public domain algorithm, RSA put it there. so long as it is
refered to as the RSA blah de blah. Originally the code was non-commercial use
only but i think that is now changed as well - not that it would be a problem.
In any case MD5 is not the best hash to use SHA is better. Main thing to avoid
is MD4 though which is seriously compromised.
-- Phillip M. Hallam-BakerNot Speaking for anyone else.