
A keyed version of MD5 is the base authentication mechanism in IPSP and it has been heavily examined by a number of very good cryptographers.
Yes, we reviewed it and said that it sucked. Phil wrote a note to Ron and Ron sent in a series of comments. I suggested that the idea of a keyed digest be stated as a separate concept from a hash function. Functions of one variable are intrinsically different from functions of two variables. The sequence of events I heard was that they asked Burt Kaliski for a suggestion, he gave them one and they chose something different.
Isn't this what the GSS-API is about? Couldn't HTTP-NG just convey GSS "tokens", and do something about getting both sides to agree on which GSS "mechanism" is to be used, and on what Principals are involved?
GSS is often brought up on occasions like this. I have never seen an architectural overview of what it is trying to achieve for me or how. When I am provided with a clear definition of what it is, I hope to arrive at a clear explanation of why I'm not using it. Unfortunately the RFC process strips the rationale part out of the specs.

Phill