Ooops... Just gone off and read the papers again. The Keyed MD5 proposal currently described in one of the drafts is indeed one of those that was suggested in the cryptobytes article. I remember reading another calling itself "Keyed MD5" at the time of the rumpus Perry refered to. The response that had been communicated back was that the IP sec work was going to standard anyway despite the objections. The suggestion which had started people off was that of MAC_a(x) = MD5(a.x.a). Nobody ever mentioned that IP sec had changed the construction (which is a good thing). The point still stands however that there will have to be more than one algorithm supported and that HTTP-NG cannot assume that a particular algorithm or construction will be used. Keyed-MD5 is still an MD5 variant, there are good reasons to think that a keyed digest could be constructed which would be faster than a hash function. Phill