Re: [CGA-EXT] WGLC for draft-ietf-csi-hash-threat-10.txt
Roque Gagliano <rogaglia@cisco.com> Fri, 23 July 2010 11:33 UTC
Return-Path: <rogaglia@cisco.com>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 61A983A68C2 for <cga-ext@core3.amsl.com>; Fri, 23 Jul 2010 04:33:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.933
X-Spam-Level:
X-Spam-Status: No, score=-9.933 tagged_above=-999 required=5 tests=[AWL=0.666, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w1OgNCB-bXbb for <cga-ext@core3.amsl.com>; Fri, 23 Jul 2010 04:33:02 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id EA3163A6452 for <cga-ext@ietf.org>; Fri, 23 Jul 2010 04:33:01 -0700 (PDT)
Authentication-Results: rtp-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
X-Files: smime.p7s : 3815
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by rtp-iport-1.cisco.com with ESMTP; 23 Jul 2010 11:33:18 +0000
Received: from ams3-vpn-dhcp6530.cisco.com (ams3-vpn-dhcp6530.cisco.com [10.61.89.129]) by rtp-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o6NBXH6j009685; Fri, 23 Jul 2010 11:33:18 GMT
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: multipart/signed; boundary="Apple-Mail-89-929886050"; protocol="application/pkcs7-signature"; micalg="sha1"
From: Roque Gagliano <rogaglia@cisco.com>
In-Reply-To: <4C3ABAE1.4070402@it.uc3m.es>
Date: Fri, 23 Jul 2010 13:33:16 +0200
Message-Id: <8738F4EF-37C3-4922-8529-AAEC1A726B77@cisco.com>
References: <4C3ABAE1.4070402@it.uc3m.es>
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
X-Mailer: Apple Mail (2.1081)
Cc: "Laganier, Julien" <julienl@qualcomm.com>, "cga-ext@ietf.org" <cga-ext@ietf.org>, Jari Arkko <Jari.Arkko@ericsson.com>, Ralph Droms <rdroms@cisco.com>
Subject: Re: [CGA-EXT] WGLC for draft-ietf-csi-hash-threat-10.txt
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jul 2010 11:33:03 -0000
Hi, I first would like to say that I am very pleased with the outcome of the review process. Particularly Section 3.2 addresses some of the concerns I raised after WG last-call. I do have some additional comments: 1) I still find odds that the document talks about MD5 and SHA-1 hashing in the PKIX certificate when the only current algorithm described in the cert-profile document (taken from the SIDR document) is SHA-256, there should not be any MD5 or SHA-1 used for signature for the PKIX certificates for SEND. Moreover, there is no reference to MD5 in the RFC3971. 2) I would also add a reference to the cert-profile document. 3) The attack on 3.2 has not "yet" been demonstrated for SHA-256. That should be clarified. 4) By adding the SKI Trust Anchor identifier (draft-ietf-csi-send-name-type-registry), we are also adding another use of hashes in SEND. There is some text in the security section of that document about the effect of a collision affecting the SKI. You could also add this particular text. Regards, Roque On Jul 12, 2010, at 8:49 AM, marcelo bagnulo braun wrote: > Hi, > > Based on the reviews we got, the authors have produced a new version of this document. Considering the amount of changes, we are issuing a new WGLC. > Please review the document and comment before monday 26th of july. > > Find the details attached. > > Regards, marcelo > > -------- Mensaje original -------- > Asunto: I-D Action:draft-ietf-csi-hash-threat-10.txt > Fecha: Sun, 11 Jul 2010 17:45:02 -0700 (PDT) > De: Internet-Drafts@ietf.org > Responder a: internet-drafts@ietf.org > Para: i-d-announce@ietf.org > CC: cga-ext@ietf.org > > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Cga& Send maIntenance Working Group of the IETF. > > > Title : SEND Hash Threat Analysis > Author(s) : A. Kukec, et al. > Filename : draft-ietf-csi-hash-threat-10.txt > Pages : 6 > Date : 2010-07-11 > > This document analyzes the use of hashes in Secure Neighbor Discovery > (SEND), the possible threats to these hashes and the impact of recent > attacks on hash functions used by SEND. The SEND specification > [RFC3971] currently uses the SHA-1 [SHA1] hash algorithm and PKIX > certificates [RFC5280] and does not provide support for hash > algorithm agility. This document provides an analysis of possible > threats to the hash algorithms used in SEND. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-csi-hash-threat-10.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. > > > <draft-ietf-csi-hash-threat-10.txt><Parte del mensaje adjunto.txt>_______________________________________________ > CGA-EXT mailing list > CGA-EXT@ietf.org > https://www.ietf.org/mailman/listinfo/cga-ext
- [CGA-EXT] WGLC for draft-ietf-csi-hash-threat-10.… marcelo bagnulo braun
- Re: [CGA-EXT] WGLC for draft-ietf-csi-hash-threat… Roque Gagliano