Re: [Cfrg] What crypto algorithm is referenced most in RFCs?

Marshall Eubanks <marshall.eubanks@gmail.com> Mon, 20 June 2011 17:38 UTC

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=fnPcQDhUR3eMsGK2HCTGMJu6AnfSwXKRkREDTVWQIs+4lSqbBvOLNI7lg5TmNpGdH7 Kn93qKkgj+dbH/CwIEuI6mAWtPO7ZWbuLlD0PGMpTAKiKLwkWcKqa8iM0Z53P/MSuFCB Wg8eu+6kdBWgXis5zvxEEpk0PqfcTcAvwoExc=
MIME-Version: 1.0
In-Reply-To: <EC9A176E-7C2A-4782-8522-C1656478CBF3@cisco.com>
References: <4A7C9D3B-70C6-4D14-A5D8-F54D84DBBEA9@cisco.com> <4DF6FCAD.1000704@Strombergson.com> <4DF7E236.3060603@ieca.com> <CF0765AF-383F-423F-A8CC-10AEB4A3E348@callas.org> <4DF8627B.1030702@Strombergson.com> <74993A34-C2B3-4FA9-B27B-557AD0E3F7BB@cisco.com> <DD276523-6F9F-466E-BC85-CD9887920E6E@cisco.com> <6679410D-BF1F-4FE4-95DB-90E542CDBBD9@cs.tcd.ie> <BANLkTinJaBzm5wWTcJW1ArF8F-O78HLGKw@mail.gmail.com> <D256DDF2-6E11-4322-91B2-3F052DB52FE3@cs.tcd.ie> <BANLkTimyLVpTNcB8BoMFgjyfa23ikbt_gQ@mail.gmail.com> <4DFD0C1B.6070909@cs.tcd.ie> <BF2B2DDA-08DD-4915-9E69-F7E83BB8D728@cisco.com> <BANLkTim8VCPY9NhNbYkOE2u2HMR_r9s7sg@mail.gmail.com> <EC9A176E-7C2A-4782-8522-C1656478CBF3@cisco.com>
Date: Mon, 20 Jun 2011 13:38:41 -0400
Message-ID: <BANLkTi=fW+wMxkbO_74U8WNiDkrBfpwTvw@mail.gmail.com>
From: Marshall Eubanks <marshall.eubanks@gmail.com>
To: David McGrew <mcgrew@cisco.com>
Content-Type: multipart/alternative; boundary="20cf303f6416d39f4704a62834f9"
Cc: Sean Turner <turners@ieca.com>, cfrg@irtf.org
Subject: Re: [Cfrg] What crypto algorithm is referenced most in RFCs?
Precedence: list

On Mon, Jun 20, 2011 at 1:35 PM, David McGrew <mcgrew@cisco.com> wrote:

>
> On Jun 20, 2011, at 8:33 AM, Marshall Eubanks wrote:
>
>
>
> On Mon, Jun 20, 2011 at 11:23 AM, David McGrew <mcgrew@cisco.com> wrote:
>
>> Hi Stephen,
>>
>>
>> On Jun 18, 2011, at 1:35 PM, Stephen Farrell wrote:
>>
>>
>>>
>>> On 18/06/11 20:09, Marshall Eubanks wrote:
>>>
>>>> On Sat, Jun 18, 2011 at 2:48 PM, Stephen Farrell
>>>> <stephen.farrell@cs.tcd.ie>**wrote:
>>>>
>>>>
>>>>>
>>>>> On 18 Jun 2011, at 19:33, Marshall Eubanks <marshall.eubanks@gmail.com
>>>>> >
>>>>> wrote:
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 17, 2011 at 3:14 PM, Stephen Farrell <<
>>>>> stephen.farrell@cs.tcd.ie>
>>>>> stephen.farrell@cs.tcd.ie> wrote:
>>>>>
>>>>>  Seems like a reasonable idea but defining the "we" that are
>>>>>> noticing/sending this might be tricky. We don't want IETF WGs to start
>>>>>> complaining about the IRTF CFRG crypto police. People can be touchy
>>>>>> about
>>>>>> stuff like that. I'm not sure how best that'd be done to be honest.
>>>>>>
>>>>>>
>>>>>>  Write an I-D along the lines of "MD-5 considered dangerous" and get
>>>>> it
>>>>> published.
>>>>>
>>>>>
>>>>> RFC6151?
>>>>>
>>>>>
>>>> I thought that there was something like this. Then quote this
>>>>
>>>>  MD5 is no longer acceptable where collision resistance is required
>>>>  such as digital signatures.  It is not urgent to stop using MD5 in
>>>>  other ways, such as HMAC-MD5; however, since MD5 must not be used for
>>>>  digital signatures, new protocol designs should not employ HMAC-MD5.
>>>>
>>>>
>>>> and point out how the new I-D disagrees with it.
>>>>
>>>> That's not being the Crypto police. After all, the IESG approved this
>>>> RFC
>>>> and new use of MD5 should get pushback when an I-D gets to the IESG.
>>>> Pointing this out earlier is just saving people's time, and ADs
>>>> generally
>>>> appreciate having their time saved.
>>>>
>>>
>>> Sure, I'm all for it if its not perceived as adding bureaucracy.
>>> Don't forget we already have up to 6 reviews etc. on stuff at
>>> last-call time.
>>>
>>> If someone has a way to generate a report identifying relevant
>>> -00 and -01 drafts maybe, and someone else is willing to ping
>>> authors and explain when they then say "so what" that might
>>> be good.
>>>
>>> I'd say a concrete proposal for what and how to do it, sent to
>>> this list (and then probably saag) for sanity checking would
>>> be good. So, who's stepping up to figure out details for such
>>> a proposal?
>>>
>>
>> I have a set of scripts for producing the list of relevant drafts
>> (containing more AWK programming than I would prefer to admit to ;-)  It
>> would probably be good to provide more detailed information about the 00
>> I-Ds, such as the crypto algorithm(s) that they reference.  In the case of
>> MD5, it would be good to know which I-Ds mention MD5 but don't mention
>> RFC6151.  I am happy to contribute this as an "official" RG contribution if
>> people feel that is important (I'm not sure why it would be, but if it makes
>> process easier I can generate a doc or a webpage with the IETF Trust
>> copyright notice).
>>
>> There are about 120 00-version drafts that reference crypto currently.
>>  Most of those are doing the right thing, and won't require much if any work
>> from crypto-reviewers.   This suggests that the "steady state" workload of
>> having CFRG review the uses of crypto in new I-Ds will be manageable, if we
>> can get a couple of volunteers.  There are also 170 current I-Ds that
>> mention MD5, which suggests that the short-term workload will be higher than
>> the steady state workload.  If anyone is interested, please send a note
>> either to the list, or to Stephen, Sean, and me.
>>
>> I think the best way to operate would be find some volunteers to go
>> through the I-Ds that mention MD5, and send out a notification to authors
>> where needed.  If there are cases in which the actual security properties
>> are not clear, those should be brought back to the RG for discussion.  If
>> this seems fruitful, we can apply the process to -00 I-Ds going forward.
>>
>>
> If you are going to do that, what about DES and rfc4772 ? If you're going
> to be looking...
>
> Marshall
>
>
> good point.
>
> David
>

On this topic, has triple DES been deprecated yet ? I wouldn't feel
comfortable recommending it for something new, but I don't think it's
been shown the door yet.

Regards
Marshall

Re: [Cfrg] What crypto algorithm is referenced mo… Joachim Strömbergson
[Cfrg] What crypto algorithm is referenced most i… David McGrew
Re: [Cfrg] What crypto algorithm is referenced mo… Joachim Strömbergson
Re: [Cfrg] What crypto algorithm is referenced mo… Sean Turner
Re: [Cfrg] What crypto algorithm is referenced mo… Brian Smith
Re: [Cfrg] What crypto algorithm is referenced mo… Sean Turner
Re: [Cfrg] What crypto algorithm is referenced mo… Jon Callas
Re: [Cfrg] What crypto algorithm is referenced mo… Simon Josefsson
Re: [Cfrg] What crypto algorithm is referenced mo… Jon Callas
Re: [Cfrg] What crypto algorithm is referenced mo… Peter Gutmann
Re: [Cfrg] What crypto algorithm is referenced mo… David McGrew
Re: [Cfrg] What crypto algorithm is referenced mo… David McGrew
Re: [Cfrg] What crypto algorithm is referenced mo… Stephen Farrell
Re: [Cfrg] What crypto algorithm is referenced mo… Marshall Eubanks
Re: [Cfrg] What crypto algorithm is referenced mo… Stephen Farrell
Re: [Cfrg] What crypto algorithm is referenced mo… Marshall Eubanks
Re: [Cfrg] What crypto algorithm is referenced mo… Stephen Farrell
Re: [Cfrg] What crypto algorithm is referenced mo… David McGrew
Re: [Cfrg] What crypto algorithm is referenced mo… Marshall Eubanks
Re: [Cfrg] What crypto algorithm is referenced mo… Joachim Strömbergson
Re: [Cfrg] What crypto algorithm is referenced mo… Marshall Eubanks
Re: [Cfrg] What crypto algorithm is referenced mo… David McGrew
Re: [Cfrg] What crypto algorithm is referenced mo… Marshall Eubanks
Re: [Cfrg] What crypto algorithm is referenced mo… Jon Callas
Re: [Cfrg] What crypto algorithm is referenced mo… David McGrew
Re: [Cfrg] What crypto algorithm is referenced mo… Thomas Pornin
Re: [Cfrg] What crypto algorithm is referenced mo… David McGrew
Re: [Cfrg] What crypto algorithm is referenced mo… Marshall Eubanks
Re: [Cfrg] What crypto algorithm is referenced mo… David McGrew