Re: [Cfrg] What crypto algorithm is referenced most in RFCs?

[David McGrew <mcgrew@cisco.com>]

On Jun 20, 2011, at 8:33 AM, Marshall Eubanks wrote:

>
>
> On Mon, Jun 20, 2011 at 11:23 AM, David McGrew <mcgrew@cisco.com>  
> wrote:
> Hi Stephen,
>
>
> On Jun 18, 2011, at 1:35 PM, Stephen Farrell wrote:
>
>
>
> On 18/06/11 20:09, Marshall Eubanks wrote:
> On Sat, Jun 18, 2011 at 2:48 PM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie>wrote:
>
>
>
> On 18 Jun 2011, at 19:33, Marshall Eubanks  
> <marshall.eubanks@gmail.com>
> wrote:
>
>
>
> On Fri, Jun 17, 2011 at 3:14 PM, Stephen Farrell <<stephen.farrell@cs.tcd.ie 
> >
> stephen.farrell@cs.tcd.ie> wrote:
>
> Seems like a reasonable idea but defining the "we" that are
> noticing/sending this might be tricky. We don't want IETF WGs to start
> complaining about the IRTF CFRG crypto police. People can be touchy  
> about
> stuff like that. I'm not sure how best that'd be done to be honest.
>
>
> Write an I-D along the lines of "MD-5 considered dangerous" and get it
> published.
>
>
> RFC6151?
>
>
> I thought that there was something like this. Then quote this
>
>  MD5 is no longer acceptable where collision resistance is required
>  such as digital signatures.  It is not urgent to stop using MD5 in
>  other ways, such as HMAC-MD5; however, since MD5 must not be used for
>  digital signatures, new protocol designs should not employ HMAC-MD5.
>
>
> and point out how the new I-D disagrees with it.
>
> That's not being the Crypto police. After all, the IESG approved  
> this RFC
> and new use of MD5 should get pushback when an I-D gets to the IESG.
> Pointing this out earlier is just saving people's time, and ADs  
> generally
> appreciate having their time saved.
>
> Sure, I'm all for it if its not perceived as adding bureaucracy.
> Don't forget we already have up to 6 reviews etc. on stuff at
> last-call time.
>
> If someone has a way to generate a report identifying relevant
> -00 and -01 drafts maybe, and someone else is willing to ping
> authors and explain when they then say "so what" that might
> be good.
>
> I'd say a concrete proposal for what and how to do it, sent to
> this list (and then probably saag) for sanity checking would
> be good. So, who's stepping up to figure out details for such
> a proposal?
>
> I have a set of scripts for producing the list of relevant drafts  
> (containing more AWK programming than I would prefer to admit  
> to ;-)  It would probably be good to provide more detailed  
> information about the 00 I-Ds, such as the crypto algorithm(s) that  
> they reference.  In the case of MD5, it would be good to know which  
> I-Ds mention MD5 but don't mention RFC6151.  I am happy to  
> contribute this as an "official" RG contribution if people feel that  
> is important (I'm not sure why it would be, but if it makes process  
> easier I can generate a doc or a webpage with the IETF Trust  
> copyright notice).
>
> There are about 120 00-version drafts that reference crypto  
> currently.  Most of those are doing the right thing, and won't  
> require much if any work from crypto-reviewers.   This suggests that  
> the "steady state" workload of having CFRG review the uses of crypto  
> in new I-Ds will be manageable, if we can get a couple of  
> volunteers.  There are also 170 current I-Ds that mention MD5, which  
> suggests that the short-term workload will be higher than the steady  
> state workload.  If anyone is interested, please send a note either  
> to the list, or to Stephen, Sean, and me.
>
> I think the best way to operate would be find some volunteers to go  
> through the I-Ds that mention MD5, and send out a notification to  
> authors where needed.  If there are cases in which the actual  
> security properties are not clear, those should be brought back to  
> the RG for discussion.  If this seems fruitful, we can apply the  
> process to -00 I-Ds going forward.
>
>
> If you are going to do that, what about DES and rfc4772 ? If you're  
> going to be looking...
>
> Marshall

good point.

David