Re: [Cfrg] What crypto algorithm is referenced most in RFCs?

David McGrew <mcgrew@cisco.com> Mon, 20 June 2011 15:25 UTC


Hi Stephen,

On Jun 18, 2011, at 1:35 PM, Stephen Farrell wrote:

> On 18/06/11 20:09, Marshall Eubanks wrote:
>> On Sat, Jun 18, 2011 at 2:48 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>
>>> On 18 Jun 2011, at 19:33, Marshall Eubanks <marshall.eubanks@gmail.com> wrote:
>>>
>>> On Fri, Jun 17, 2011 at 3:14 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>>
>>>> Seems like a reasonable idea but defining the "we" that are
>>>> noticing/sending this might be tricky. We don't want IETF WGs to start
>>>> complaining about the IRTF CFRG crypto police. People can be touchy about
>>>> stuff like that. I'm not sure how best that'd be done to be honest.
>>>>
>>>>
>>> Write an I-D along the lines of "MD-5 considered dangerous" and get it
>>> published.
>>>
>>>
>>> RFC6151?
>>>
>>
>> I thought that there was something like this. Then quote this
>>
>>   MD5 is no longer acceptable where collision resistance is required
>>   such as digital signatures.  It is not urgent to stop using MD5 in
>>   other ways, such as HMAC-MD5; however, since MD5 must not be used for
>>   digital signatures, new protocol designs should not employ HMAC-MD5.
>>
>>
>> and point out how the new I-D disagrees with it.
>>
>> That's not being the Crypto police. After all, the IESG approved this RFC
>> and new use of MD5 should get pushback when an I-D gets to the IESG.
>> Pointing this out earlier is just saving people's time, and ADs generally
>> appreciate having their time saved.
>
> Sure, I'm all for it if it's not perceived as adding bureaucracy.
> Don't forget we already have up to 6 reviews etc. on stuff at
> last-call time.
>
> If someone has a way to generate a report identifying relevant
> -00 and -01 drafts maybe, and someone else is willing to ping
> authors and explain when they then say "so what" that might
> be good.
>
> I'd say a concrete proposal for what and how to do it, sent to
> this list (and then probably saag) for sanity checking would
> be good. So, who's stepping up to figure out details for such
> a proposal?

I have a set of scripts for producing the list of relevant drafts  
(containing more AWK programming than I would prefer to admit to ;-)   
It would probably be good to provide more detailed information about  
the 00 I-Ds, such as the crypto algorithm(s) that they reference.  In  
the case of MD5, it would be good to know which I-Ds mention MD5 but  
don't mention RFC6151.  I am happy to contribute this as an "official"  
RG contribution if people feel that is important (I'm not sure why it  
would be, but if it makes process easier I can generate a doc or a  
webpage with the IETF Trust copyright notice).

There are about 120 00-version drafts that reference crypto  
currently.  Most of those are doing the right thing, and won't require  
much if any work from crypto-reviewers.   This suggests that the  
"steady state" workload of having CFRG review the uses of crypto in  
new I-Ds will be manageable, if we can get a couple of volunteers.   
There are also 170 current I-Ds that mention MD5, which suggests that  
the short-term workload will be higher than the steady state  
workload.  If anyone is interested, please send a note either to the  
list, or to Stephen, Sean, and me.

I think the best way to operate would be to find some volunteers to go
through the I-Ds that mention MD5, and send out a notification to
authors where needed.  If there are cases in which the actual security
properties are not clear, those should be brought back to the RG for
discussion.  If this seems fruitful, we can apply the process to -00
I-Ds going forward.

Looking ahead a bit, it seems like it would be valuable for the RG to  
produce a document describing the crypto algorithms that are in use  
and providing guidance.  I think it would be healthy to have a  
discussion in CFRG on the guidance, and this document could be  
something that we point to.

David

>
> S.
>
>
>>
>> Regards
>> Marshall
>>
>>
>>> S
>>>
>>>
>>> Regards
>>> Marshall
>>>
>>>
>>>
>>>
>>>> S
>>>>
>>>> On 17 Jun 2011, at 19:40, David McGrew <mcgrew@cisco.com> wrote:
>>>>
>>>>>
>>>>> On Jun 17, 2011, at 11:29 AM, David McGrew wrote:
>>>>>
>>>>>> Hi Joachim,
>>>>>>
>>>>>> +1 on the idea of making sure that current I-Ds that mention MD5 are
>>>>>> aware   Probably this could be done by crafting a short paragraph saying
>>>>>> something like "We noticed that your RFC references MD5;
>>>>>
>>>>> aargh, I meant "your I-D references MD5".
>>>>>
>>>>> David
>>>>> _______________________________________________
>>>>> Cfrg mailing list
>>>>> Cfrg@irtf.org
>>>>> http://www.irtf.org/mailman/listinfo/cfrg
>>>>
>>>
>>>
>>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
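
The report discussed in this message (drafts that mention MD5, and which of those never mention RFC 6151) can be sketched as follows. This is an added example, not part of the original message and not the AWK scripts it refers to; the draft names and texts are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample texts keyed by draft name; not real Internet-Drafts.
SAMPLE_DRAFTS = {
    "draft-example-alpha-00": "Integrity is provided by HMAC-\n   MD5 over the "
                              "header.\n   Signatures use MD5 with RSA.",
    "draft-example-beta-00": "MD5 is retained only for legacy peers; see RFC\n"
                             "   6151 for its security considerations.",
    "draft-example-gamma-03": "The digest is computed with MD-5.",
    "draft-example-delta-00": "All hashes use SHA-256; the md5sum tool is "
                              "not used.",
}

# Group 1 is set when the mention is HMAC-MD5 rather than bare MD5.
MD5_RE = re.compile(r"\b(HMAC-)?MD-?5\b", re.IGNORECASE)
RFC6151_RE = re.compile(r"\bRFC\s?6151\b", re.IGNORECASE)


def normalize(text):
    """Undo plain-text line wrapping so tokens split across lines still match."""
    text = re.sub(r"-\s*\n\s*", "-", text)  # "HMAC-\n   MD5" -> "HMAC-MD5"
    return re.sub(r"\s+", " ", text)        # "RFC\n   6151"  -> "RFC 6151"


def audit(drafts, only_initial=False):
    """Return one row per draft that mentions MD5, sorted by draft name."""
    rows = []
    for name in sorted(drafts):
        if only_initial and not name.endswith("-00"):
            continue  # restrict the report to 00-version drafts
        flat = normalize(drafts[name])
        hits = [m.group(1) for m in MD5_RE.finditer(flat)]
        if not hits:
            continue
        rows.append({
            "draft": name,
            "hmac_md5": sum(1 for h in hits if h),
            "bare_md5": sum(1 for h in hits if not h),
            "cites_rfc6151": bool(RFC6151_RE.search(flat)),
        })
    return rows


def needs_notification(drafts, only_initial=False):
    """Drafts that mention MD5 but never mention RFC 6151."""
    return [r["draft"] for r in audit(drafts, only_initial)
            if not r["cites_rfc6151"]]


if __name__ == "__main__":
    for row in audit(SAMPLE_DRAFTS):
        print(row)
```

Separating HMAC-MD5 from bare MD5 mentions matters because the RFC 6151 text quoted above treats the two uses differently, so the counts tell a reviewer which drafts to read first.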