Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]
Sean Turner <turners@ieca.com> Tue, 06 July 2010 16:47 UTC
Return-Path: <turners@ieca.com>
X-Original-To: cfrg@core3.amsl.com
Delivered-To: cfrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 839843A6A44 for <cfrg@core3.amsl.com>; Tue, 6 Jul 2010 09:47:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.964
X-Spam-Level:
X-Spam-Status: No, score=-1.964 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v0JP6cnvmTvb for <cfrg@core3.amsl.com>; Tue, 6 Jul 2010 09:47:00 -0700 (PDT)
Received: from smtp115.biz.mail.sp1.yahoo.com (smtp115.biz.mail.sp1.yahoo.com [69.147.92.217]) by core3.amsl.com (Postfix) with SMTP id 57BCB3A6A42 for <cfrg@irtf.org>; Tue, 6 Jul 2010 09:47:00 -0700 (PDT)
Received: (qmail 61567 invoked from network); 6 Jul 2010 16:40:23 -0000
Received: from thunderfish.local (turners@96.231.127.211 with plain) by smtp115.biz.mail.sp1.yahoo.com with SMTP; 06 Jul 2010 09:40:22 -0700 PDT
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: H3XKEykVM1kss_AyRW.edWyeUo7GVWYhf7nntHLeebAp2qd SckNwoFk_gLvtox_VSvAOGegHKo6QuMgZ87oezt.JJwA6VLZjAqm8HoiIEDH hE9zAxgnShLHbwmzQ05ZNKjbK7g0o0bk.QDPKTrE3Aes543LgSipQ5QuyN8B chWObWug3xUlfgYEDOySRx5PKGSwgEwe36pPF_4Swfjk47qa.IMMjq2IW_Lh Z_sNCdG8tGMK8Jjs3EPVc4YpH1dSVOmNSwIaGsvvfb9R.MjtwbpeokhZhZBH rDAf0h_nW2YgXC4BPpWI4vXc1RsvfNZt7iO0awwC8K65a_tFqSXPwgA--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4C335C75.7070508@ieca.com>
Date: Tue, 06 Jul 2010 12:40:21 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: saag@ietf.org, smime@ietf.org, pkix@ietf.org, cfrg@irtf.org
References: <4C10E308.9060503@ieca.com>
In-Reply-To: <4C10E308.9060503@ieca.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 16:47:00 -0000
To summarize the comments I received on this I-D: 1) Finally! 2) Is there any precedent with moving informational to historic. Russ suggested I ask Scott Bradner what he thought about this. His response (repeated here with permission): "1/ my personal view is that historic should be only used for cases where we want to say 'do not use' 2/ seems like a reasonable thing to do in this case fwiw, I have always felt that it is important to document any such move that is done for a real reason (not just because people think it is not used) with a RFC" I'd consider this support for moving informational RFCs to historic. 3) Why target MD2? This was really a trial balloon. I'm planning on doing something with MD4 and MD5 too ;) 4) It's better to have a security algorithms roadmap. I tend to agree, but I thought I was shooting for the low hanging fruit. 5) Remove keywords and delete obsolete references. Anything to track less references is a good thing! 6) Do an updates document instead, because there might still be other uses for MD2/MD4/MD5 that don't require collision resistance (e.g., HMAC). I'd like to treat MD2/MD4/MD5 the same, but some HMAC uses are probably still okay for a little while (at least that what's I'm turning up through research). But, I can't really see us saying that HAMC-MD2 and HMAC-MD4 are okay to keep using in the mid/long term. I think we ought to be saying "jump off the sinking ship now" because it takes a while for crypto to go away just like it does to get fielded. Luckily, there are only a few places where HMAC-MD2 or HMAC-MD4 are specified. MD5/HMAC-MD5 is another story. I like the idea of just updating MD5's security considerations to say don't use MD5 if you need collision resistance and that it is (or is probably) okay for HMAC. I updated the md2-to-historic I-D (http://datatracker.ietf.org/doc/draft-turner-md2-to-historic/) to actually talk about attacks against MD2 and submitted a similar draft for MD4 (http://datatracker.ietf.org/doc/draft-turner-md4-to-historic/). I also submitted one that updates the MD5 security considerations (http://datatracker.ietf.org/doc/draft-turner-md5-seccon-update/). Comments on all are welcome. spt Sean Turner wrote: > (apologies if you get this multiple times) > > I'm looking for feedback on this draft that proposes moving MD2 to > historic status. > > Thanks, > > spt > > ------------------------------------------------------------------------ > > Subject: > I-D ACTION:draft-turner-md2-to-historic-00.txt > From: > Internet-Drafts@ietf.org > Date: > Wed, 9 Jun 2010 15:00:02 -0700 (PDT) > To: > i-d-announce@ietf.org > > To: > i-d-announce@ietf.org > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > > Title : MD2 to Historic Status > Author(s) : S. Turner > Filename : draft-turner-md2-to-historic-00.txt > Pages : 6 > Date : 2010-6-8 > > This document recommends the retirement of MD2 and discusses the > reasons for doing so. This document recommends RFC 1319 be moved to > Historic status. > > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-turner-md2-to-historic-00.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. > > > ------------------------------------------------------------------------ > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
- [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-histo… Sean Turner
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Blumenthal, Uri - 0668 - MITLL
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Simon Josefsson
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Peter Gutmann
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Simon Josefsson
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Len Sassaman
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Sean Turner
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Simon Josefsson
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Simon Josefsson
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Len Sassaman
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Simon Josefsson
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Len Sassaman
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Simon Josefsson
- Re: [Cfrg] [saag] [Fwd: I-D ACTION:draft-turner-m… Santosh Chokhani
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Peter Gutmann
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Len Sassaman
- Re: [Cfrg] [saag] [Fwd: I-D ACTION:draft-turner-m… Sean Turner
- Re: [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-h… Sean Turner
- Re: [Cfrg] [saag] [Fwd: I-D ACTION:draft-turner-m… Santosh Chokhani
- Re: [Cfrg] draft-turner-md4-to-historic and Micro… Sean Turner