Re: [CGA-EXT] Comment draft-ietf-csi-hash-threat-08.txt

Ana Kukec <anchie@fer.hr> Sat, 06 March 2010 18:06 UTC

Return-Path: <anchie@fer.hr>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D24C13A8D8A for <cga-ext@core3.amsl.com>; Sat, 6 Mar 2010 10:06:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9mBNrjAbv0tC for <cga-ext@core3.amsl.com>; Sat, 6 Mar 2010 10:06:52 -0800 (PST)
Received: from munja.zvne.fer.hr (munja.zvne.fer.hr [161.53.66.248]) by core3.amsl.com (Postfix) with ESMTP id 83DC63A8A37 for <CGA-EXT@ietf.org>; Sat, 6 Mar 2010 10:06:52 -0800 (PST)
Received: from sluga.fer.hr ([161.53.66.244]) by munja.zvne.fer.hr with Microsoft SMTPSVC(6.0.3790.3959); Sat, 6 Mar 2010 19:06:53 +0100
Received: from anchie-MacBook.lan ([93.136.29.61]) by sluga.fer.hr with Microsoft SMTPSVC(6.0.3790.3959); Sat, 6 Mar 2010 19:06:51 +0100
Message-ID: <4B9299AA.3040800@fer.hr>
Date: Sat, 06 Mar 2010 19:06:34 +0100
From: Ana Kukec <anchie@fer.hr>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Roque Gagliano <roque.ietf@gmail.com>
References: <5f70d8c91003060933v4360e177u1dbf156e6c1e055e@mail.gmail.com>
In-Reply-To: <5f70d8c91003060933v4360e177u1dbf156e6c1e055e@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 06 Mar 2010 18:06:52.0327 (UTC) FILETIME=[CC716B70:01CABD57]
Cc: CGA-EXT@ietf.org
Subject: Re: [CGA-EXT] Comment draft-ietf-csi-hash-threat-08.txt
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Mar 2010 18:06:53 -0000

Hi Roque,

The draft analysis all possible attacks (theoretically possible, and 
possible in practice) and also mentions "if fields *were* 
human-readable...", but puts focus on the SEND real-world scenarios. For 
example, we've mentioned pre-image attacks although they are not 
theoretically possible, but we've of course put focuse on collision 
attacks. Same thing is with the human readable fields.

Anyway, the WGLC was closed on 8th February.

Ana


Roque Gagliano wrote:
> Hi,
>
> I was starting to review this draft and I realized that most of  
> Section 3.2 is based in "human readable" information.
>
> In SEND, we are not identifying people but functions in equipments, so 
> I am not sure I share how the section is written. Moreover, the cert. 
> profile document particularly requests that names should be 
> "meaningless" in RPKI. This is to avoid any sort of legal issues.
>
> So, a certificate with a bizarre CN could still be valid for SEND. 
> Please check this website with valid RPKI certificates: 
> http://rpki.he.net/
>
> All in all, I believe we should not take for granted that the 
> distinguished name field for either the subject or the issuer of a 
> SEND certificate should always be human readable.
>
> Regards,
>
> Roque
> ------------------------------------------------------------------------
>
> _______________________________________________
> CGA-EXT mailing list
> CGA-EXT@ietf.org
> https://www.ietf.org/mailman/listinfo/cga-ext
>