Re: [CGA-EXT] Typos in draft-ietf-csi-hash-threat-10 + little comment

Ana Kukec <anchie@fer.hr> Wed, 21 July 2010 15:55 UTC

Return-Path: <anchie@fer.hr>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2340C3A6866 for <cga-ext@core3.amsl.com>; Wed, 21 Jul 2010 08:55:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3dOUp3jyO-TD for <cga-ext@core3.amsl.com>; Wed, 21 Jul 2010 08:55:23 -0700 (PDT)
Received: from munja.zvne.fer.hr (munja.zvne.fer.hr [161.53.66.248]) by core3.amsl.com (Postfix) with ESMTP id 093EB3A6A03 for <cga-ext@ietf.org>; Wed, 21 Jul 2010 08:55:22 -0700 (PDT)
Received: from sluga.fer.hr ([161.53.66.244]) by munja.zvne.fer.hr with Microsoft SMTPSVC(6.0.3790.4675); Wed, 21 Jul 2010 17:55:37 +0200
Received: from anchie-MacBook-2.local ([178.160.22.78]) by sluga.fer.hr with Microsoft SMTPSVC(6.0.3790.4675); Wed, 21 Jul 2010 17:55:36 +0200
Message-ID: <4C471877.7090706@fer.hr>
Date: Wed, 21 Jul 2010 17:55:35 +0200
From: Ana Kukec <anchie@fer.hr>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Tony Cheneau <tony.cheneau@it-sudparis.eu>
References: <alpine.LNX.2.00.1007201133190.10324@whitebox>
In-Reply-To: <alpine.LNX.2.00.1007201133190.10324@whitebox>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 21 Jul 2010 15:55:37.0006 (UTC) FILETIME=[28FA8CE0:01CB28ED]
Cc: cga-ext@ietf.org, draft-ietf-csi-hash-threat@tools.ietf.org
Subject: Re: [CGA-EXT] Typos in draft-ietf-csi-hash-threat-10 + little comment
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2010 15:55:24 -0000

Hi Tony,

Thank you for your comments.

We've deleted Section 4 due to the conclusion that the only practically 
possible attacks are the ones caused by CGAs themselves. There are 
other, theoretically possible attacks, that may be launched once in a 
future when the one-way property of hash functions will be severely 
affected. Even though we came up with few solutions and their analysis 
about providing the hash agility for SEND, we decided to  remove that 
section because our analysis showed that there are no attacks that can 
be launched now or in the near future (i.e. as long as we are dealing 
"only" with affected collision property and not one-way hash property).

Ana


Tony Cheneau wrote:
> Hello Ana, Suresh and Sheng,
>
> I read your document and noted the following typos:
>
> Section 3:
> theaforementioned => the aforementioned
>
> Section 5:
> "the attacks against hash functions hash attacks" => "the attacks
> against hash functions"
>
> Also, I see that section 4 from the -09 version has been removed 
> ("Support for the hash agility in SEND"). I read the IESG evaluation 
> record and I fail to see why this part was removed. Could you detail 
> this decision ? IMHO, this section was especially important because 
> RFC 4982 only describes CGA related issues and not SEND issues.
>
> Regards,
>     Tony
> _______________________________________________
> CGA-EXT mailing list
> CGA-EXT@ietf.org
> https://www.ietf.org/mailman/listinfo/cga-ext