Re: [CGA-EXT] Typos in draft-ietf-csi-hash-threat-10 + little comment

Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 28 July 2010 09:14 UTC

Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D9D6128C0E0 for <cga-ext@core3.amsl.com>; Wed, 28 Jul 2010 02:14:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.545
X-Spam-Level:
X-Spam-Status: No, score=-2.545 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9xXaw34fOyJb for <cga-ext@core3.amsl.com>; Wed, 28 Jul 2010 02:14:57 -0700 (PDT)
Received: from imr3.ericy.com (imr3.ericy.com [198.24.6.13]) by core3.amsl.com (Postfix) with ESMTP id BB91D28C12F for <cga-ext@ietf.org>; Wed, 28 Jul 2010 02:14:56 -0700 (PDT)
Received: from eusaamw0711.eamcs.ericsson.se ([147.117.20.178]) by imr3.ericy.com (8.13.8/8.13.8) with ESMTP id o6S9FGds024934 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 28 Jul 2010 04:15:19 -0500
Received: from EUSAACMS0703.eamcs.ericsson.se ([169.254.1.134]) by eusaamw0711.eamcs.ericsson.se ([147.117.20.178]) with mapi; Wed, 28 Jul 2010 05:15:16 -0400
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Tony Cheneau <tony.cheneau@it-sudparis.eu>, "draft-ietf-csi-hash-threat@tools.ietf.org" <draft-ietf-csi-hash-threat@tools.ietf.org>
Date: Wed, 28 Jul 2010 05:15:15 -0400
Thread-Topic: Typos in draft-ietf-csi-hash-threat-10 + little comment
Thread-Index: Acsn8nTOMKpJZf3+TwSzeVvMHe5R4gGQiqoQ
Message-ID: <4FD1E7CD248BF84F86BD4814EDDDBCC150AD8FD93D@EUSAACMS0703.eamcs.ericsson.se>
References: <alpine.LNX.2.00.1007201133190.10324@whitebox>
In-Reply-To: <alpine.LNX.2.00.1007201133190.10324@whitebox>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "cga-ext@ietf.org" <cga-ext@ietf.org>
Subject: Re: [CGA-EXT] Typos in draft-ietf-csi-hash-threat-10 + little comment
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2010 09:15:00 -0000

Hi Tony,
  Thanks for the comments. 

> -----Original Message-----
> From: Tony Cheneau [mailto:tony.cheneau@it-sudparis.eu] 
> Sent: Tuesday, July 20, 2010 12:00 PM
> To: draft-ietf-csi-hash-threat@tools.ietf.org
> Cc: cga-ext@ietf.org
> Subject: Typos in draft-ietf-csi-hash-threat-10 + little comment
> 
> Hello Ana, Suresh and Sheng,
> 
> I read your document and noted the following typos:
> 
> Section 3:
> theaforementioned => the aforementioned
> 
> Section 5:
> "the attacks against hash functions hash attacks" => "the 
> attacks against hash functions"

Will fix these.

> 
> Also, I see that section 4 from the -09 version has been 
> removed ("Support for the hash agility in SEND"). I read the 
> IESG evaluation record and I fail to see why this part was 
> removed. Could you detail this decision ? 
> IMHO, this section was especially important because RFC 4982 
> only describes CGA related issues and not SEND issues.

There was a conscious decision made not to delve into the 
solution space and this was the reason the hash agility support
section was removed. The WG consensus for the document was only
to analyze the threats and not propose solutions. The earlier
versions of the documents were stretching this consensus a bit
but the latest version is in line. This does not imply that the
hash agility solution is not needed or is unworkable :-) just 
that it is out of the scope of this document.

Cheers
Suresh