Re: [Cfrg] What crypto algorithm is referenced most in RFCs?

Marshall Eubanks <marshall.eubanks@gmail.com> Mon, 20 June 2011 15:33 UTC

Return-Path: <marshall.eubanks@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 612339E8026 for <cfrg@ietfa.amsl.com>; Mon, 20 Jun 2011 08:33:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.765
X-Spam-Level:
X-Spam-Status: No, score=-102.765 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5rwn74dVFkaZ for <cfrg@ietfa.amsl.com>; Mon, 20 Jun 2011 08:33:53 -0700 (PDT)
Received: from mail-gy0-f182.google.com (mail-gy0-f182.google.com [209.85.160.182]) by ietfa.amsl.com (Postfix) with ESMTP id 4CA5D9E801A for <cfrg@irtf.org>; Mon, 20 Jun 2011 08:33:53 -0700 (PDT)
Received: by gyf3 with SMTP id 3so560198gyf.13 for <cfrg@irtf.org>; Mon, 20 Jun 2011 08:33:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=UJL/lheG4m4Aa+eIvn7/YKBJW5uYph9JSeigwaY3RPo=; b=qh9+5kwF9SpFvqmdb0aMOigADZOyUZR9DZ8WO8b6+OX1GTUkebBouWCJ4+J6AxLiGr Ph/wRn7EG5H7J2vNMo0zW2FQRtp8x/yjcleNSgX6CCN1yWQeBcyeaneCzjC874UzogEB AsrbcEE/hQPWl5rr39pqs5cHMZH1lx5ADA2CY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=CmqLVlA5dMpucbcsGGHKtQ9Ov+b8uSrjVEkpsZ1Zjo5KAdB27MQ6i7teoFnpzwbgD8 QYIAXlCrsFlViZsNDbL523QSJNW5moUvbA7nMoMiBp1LEYXSan7xdTbEfWwwaRIrUfRU FcmzvJ/hOsDO7fCKs1v5brngHeNrhq6+Uc2VE=
MIME-Version: 1.0
Received: by 10.236.157.36 with SMTP id n24mr3615028yhk.190.1308584032557; Mon, 20 Jun 2011 08:33:52 -0700 (PDT)
Received: by 10.146.86.10 with HTTP; Mon, 20 Jun 2011 08:33:52 -0700 (PDT)
In-Reply-To: <BF2B2DDA-08DD-4915-9E69-F7E83BB8D728@cisco.com>
References: <4A7C9D3B-70C6-4D14-A5D8-F54D84DBBEA9@cisco.com> <4DF6FCAD.1000704@Strombergson.com> <4DF7E236.3060603@ieca.com> <CF0765AF-383F-423F-A8CC-10AEB4A3E348@callas.org> <4DF8627B.1030702@Strombergson.com> <74993A34-C2B3-4FA9-B27B-557AD0E3F7BB@cisco.com> <DD276523-6F9F-466E-BC85-CD9887920E6E@cisco.com> <6679410D-BF1F-4FE4-95DB-90E542CDBBD9@cs.tcd.ie> <BANLkTinJaBzm5wWTcJW1ArF8F-O78HLGKw@mail.gmail.com> <D256DDF2-6E11-4322-91B2-3F052DB52FE3@cs.tcd.ie> <BANLkTimyLVpTNcB8BoMFgjyfa23ikbt_gQ@mail.gmail.com> <4DFD0C1B.6070909@cs.tcd.ie> <BF2B2DDA-08DD-4915-9E69-F7E83BB8D728@cisco.com>
Date: Mon, 20 Jun 2011 11:33:52 -0400
Message-ID: <BANLkTim8VCPY9NhNbYkOE2u2HMR_r9s7sg@mail.gmail.com>
From: Marshall Eubanks <marshall.eubanks@gmail.com>
To: David McGrew <mcgrew@cisco.com>
Content-Type: multipart/alternative; boundary=20cf303f64166b596004a626762a
Cc: Sean Turner <turners@ieca.com>, cfrg@irtf.org
Subject: Re: [Cfrg] What crypto algorithm is referenced most in RFCs?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2011 15:33:55 -0000

On Mon, Jun 20, 2011 at 11:23 AM, David McGrew <mcgrew@cisco.com> wrote:

> Hi Stephen,
>
>
> On Jun 18, 2011, at 1:35 PM, Stephen Farrell wrote:
>
>
>>
>> On 18/06/11 20:09, Marshall Eubanks wrote:
>>
>>> On Sat, Jun 18, 2011 at 2:48 PM, Stephen Farrell
>>> <stephen.farrell@cs.tcd.ie>**wrote*wrote:
>>>
>>>
>>>>
>>>> On 18 Jun 2011, at 19:33, Marshall Eubanks <marshall.eubanks@gmail.com>
>>>> wrote:
>>>>
>>>>
>>>>
>>>> On Fri, Jun 17, 2011 at 3:14 PM, Stephen Farrell <<
>>>> stephen.farrell@cs.tcd.ie>
>>>> stephen.farrell@cs.tcd.ie> wrote:
>>>>
>>>>  Seems like a reasonable idea but defining the "we" that are
>>>>> noticing/sending this might be tricky. We don't want IETF WGs to start
>>>>> complaining about the IRTF CFRG crypto police. People can be touchy
>>>>> about
>>>>> stuff like that. I'm not sure how best that'd be done to be honest.
>>>>>
>>>>>
>>>>>  Write an I-D along the lines of "MD-5 considered dangerous" and get it
>>>> published.
>>>>
>>>>
>>>> RFC6151?
>>>>
>>>>
>>> I thought that there was something like this. Then quote this
>>>
>>>  MD5 is no longer acceptable where collision resistance is required
>>>  such as digital signatures.  It is not urgent to stop using MD5 in
>>>  other ways, such as HMAC-MD5; however, since MD5 must not be used for
>>>  digital signatures, new protocol designs should not employ HMAC-MD5.
>>>
>>>
>>> and point out how the new I-D disagrees with it.
>>>
>>> That's not being the Crypto police. After all, the IESG approved this RFC
>>> and new use of MD5 should get pushback when an I-D gets to the IESG.
>>> Pointing this out earlier is just saving people's time, and ADs generally
>>> appreciate having their time saved.
>>>
>>
>> Sure, I'm all for it if its not perceived as adding bureaucracy.
>> Don't forget we already have up to 6 reviews etc. on stuff at
>> last-call time.
>>
>> If someone has a way to generate a report identifying relevant
>> -00 and -01 drafts maybe, and someone else is willing to ping
>> authors and explain when they then say "so what" that might
>> be good.
>>
>> I'd say a concrete proposal for what and how to do it, sent to
>> this list (and then probably saag) for sanity checking would
>> be good. So, who's stepping up to figure out details for such
>> a proposal?
>>
>
> I have a set of scripts for producing the list of relevant drafts
> (containing more AWK programming than I would prefer to admit to ;-)  It
> would probably be good to provide more detailed information about the 00
> I-Ds, such as the crypto algorithm(s) that they reference.  In the case of
> MD5, it would be good to know which I-Ds mention MD5 but don't mention
> RFC6151.  I am happy to contribute this as an "official" RG contribution if
> people feel that is important (I'm not sure why it would be, but if it makes
> process easier I can generate a doc or a webpage with the IETF Trust
> copyright notice).
>
> There are about 120 00-version drafts that reference crypto currently.
>  Most of those are doing the right thing, and won't require much if any work
> from crypto-reviewers.   This suggests that the "steady state" workload of
> having CFRG review the uses of crypto in new I-Ds will be manageable, if we
> can get a couple of volunteers.  There are also 170 current I-Ds that
> mention MD5, which suggests that the short-term workload will be higher than
> the steady state workload.  If anyone is interested, please send a note
> either to the list, or to Stephen, Sean, and me.
>
> I think the best way to operate would be find some volunteers to go through
> the I-Ds that mention MD5, and send out a notification to authors where
> needed.  If there are cases in which the actual security properties are not
> clear, those should be brought back to the RG for discussion.  If this seems
> fruitful, we can apply the process to -00 I-Ds going forward.
>
>
If you are going to do that, what about DES and rfc4772 ? If you're going to
be looking...

Marshall




> Looking ahead a bit, it seems like it would be valuable for the RG to
> produce a document describing the crypto algorithms that are in use and
> providing guidance.  I think it would be healthy to have a discussion in
> CFRG on the guidance, and this document could be something that we point to.
>
> David
>
>
>
>> S.
>>
>>
>>
>>> Regards
>>> Marshall
>>>
>>>
>>>  S
>>>>
>>>>
>>>> Regards
>>>> Marshall
>>>>
>>>>
>>>>
>>>>
>>>>  S
>>>>>
>>>>> On 17 Jun 2011, at 19:40, David McGrew < <mcgrew@cisco.com>
>>>>> mcgrew@cisco.com> wrote:
>>>>>
>>>>>
>>>>>> On Jun 17, 2011, at 11:29 AM, David McGrew wrote:
>>>>>>
>>>>>>  Hi Joachim,
>>>>>>>
>>>>>>> +1 on the idea of making sure that current I-Ds that mention MD5 are
>>>>>>>
>>>>>> aware   Probably this could be done by crafting a short paragraph
>>>>> saying
>>>>> something like "We noticed that your RFC references MD5;
>>>>>
>>>>>>
>>>>>> aargh, I meant "your I-D references MD5".
>>>>>>
>>>>>> David
>>>>>> ______________________________**_________________
>>>>>> Cfrg mailing list
>>>>>> <Cfrg@irtf.org>Cfrg@irtf.org
>>>>>> <http://www.irtf.org/mailman/**listinfo/cfrg<http://www.irtf.org/mailman/listinfo/cfrg>
>>>>>> >
>>>>>>
>>>>> http://www.irtf.org/mailman/**listinfo/cfrg<http://www.irtf.org/mailman/listinfo/cfrg>
>>>>> ______________________________**_________________
>>>>> Cfrg mailing list
>>>>> <Cfrg@irtf.org>Cfrg@irtf.org
>>>>> <http://www.irtf.org/mailman/**listinfo/cfrg<http://www.irtf.org/mailman/listinfo/cfrg>
>>>>> >
>>>>> http://www.irtf.org/mailman/**listinfo/cfrg<http://www.irtf.org/mailman/listinfo/cfrg>
>>>>>
>>>>>
>>>>
>>>>
>>>  ______________________________**_________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> http://www.irtf.org/mailman/**listinfo/cfrg<http://www.irtf.org/mailman/listinfo/cfrg>
>>
>
>