
Re: Crypto agility in SCRAM + draft-josefsson-password-auth?



    Chris> While I would personally be fine with abandoning MD5 in
    Chris> favor of SHA1 given my code toolkit has both algorithms,
    Chris> I'm concerned about the impact. Everyone's code toolkit
    Chris> includes MD5, but use of SHA1 is quite rare in applications
    Chris> at the moment.  Switching away from MD5 will create a
    Chris> deployment barrier.  Again, it doesn't matter how much more
    Chris> secure SHA1 is than MD5 if the SHA1-based mechanism doesn't
    Chris> deploy and an MD5-based one might have deployed.  I'd like
    Chris> to hear from other SASL implementers before making a firm
    Chris> decision on this one: do you have SHA1 in your code
    Chris> toolkit? If not, how hard would it be to add it and would
    Chris> that be a deployment barrier?

I don't think MD5 should be used for a new mechanism.
SHA-1 is very widely available in C, Java and other languages.
I think you may get significant pushback in IETF last call to the use of MD5 in something new; I know I'll be part of that.