Re: [COSE] Barry Leiba's Yes on draft-ietf-cose-hash-algs-04: (with COMMENT)

Roman Danyliw <rdd@cert.org> Tue, 09 June 2020 03:12 UTC

From: Roman Danyliw <rdd@cert.org>
To: Jim Schaad <ietf@augustcellars.com>, 'Barry Leiba' <barryleiba@computer.org>, 'The IESG' <iesg@ietf.org>
CC: 'Ivaylo Petrov' <ivaylo@ackl.io>, "cose-chairs@ietf.org" <cose-chairs@ietf.org>, "draft-ietf-cose-hash-algs@ietf.org" <draft-ietf-cose-hash-algs@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Date: Tue, 09 Jun 2020 03:12:31 +0000
Message-ID: <f7b7384e4a0d4ddfa91602e491a04114@cert.org>
References: <159107239537.28693.16065000145824637198@ietfa.amsl.com> <006201d63912$5e7663e0$1b632ba0$@augustcellars.com>
In-Reply-To: <006201d63912$5e7663e0$1b632ba0$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/YMBFqM2rT6gqWpeNZQL38TSo5ZY>

Hi Jim!

> -----Original Message-----
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Jim Schaad
> Sent: Tuesday, June 2, 2020 3:17 PM
> To: 'Barry Leiba' <barryleiba@computer.org>; 'The IESG' <iesg@ietf.org>
> Cc: 'Ivaylo Petrov' <ivaylo@ackl.io>; cose-chairs@ietf.org; draft-ietf-cose-hash-algs@ietf.org; cose@ietf.org
> Subject: RE: Barry Leiba's Yes on draft-ietf-cose-hash-algs-04: (with COMMENT)
> 
> 
> 
> -----Original Message-----
> From: Barry Leiba via Datatracker <noreply@ietf.org>
> Sent: Monday, June 1, 2020 9:33 PM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-cose-hash-algs@ietf.org; cose-chairs@ietf.org; cose@ietf.org;
> Ivaylo Petrov <ivaylo@ackl.io>; ivaylo@ackl.io
> Subject: Barry Leiba's Yes on draft-ietf-cose-hash-algs-04: (with COMMENT)
> 
> Barry Leiba has entered the following ballot position for
> draft-ietf-cose-hash-algs-04: Yes
> 
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------

[snip]

>    The standard "Collision Attack" is one where an attacker can
>    find two different messages that have the same hash value.  If a
>    collision attack exists, then the function SHOULD NOT be used for a
>    cryptographic purpose.
> 
> I’m uncomfortable with having this document give a brief tutorial on
> cryptographic hashing, as it has to be oversimplified... and it is.  If it’s going to
> stay, I’d like to see at least one minor change, though I’ll defer to the Sec ADs
> on this point: for any hash alg, it is always possible to encounter a collision, and
> the text isn’t clear about what “if a collision attack exists”
> really means.  I think it means not to use it if a collision attack is practical, and
> maybe this is a better way to say it?:
> 
> NEW
>    A "collision attack" is one where an attacker can
>    find two different messages that have the same hash value.  A
>    hash function that is susceptible to collision attacks, SHOULD
>    NOT be used for cryptographic purposes.
> END
> 
> [JLS] Done.  Given how fast we are at getting hash algorithms changed, I don't
> know that the trigger I would use is that the attack is practical.  Just the ability
> to find a collision at all is the trigger that we need to start changing the hash
> algorithms we are using.  People have talked about SHA-1 collisions for the last
> twenty years, but only in the last two have they become practical.  Should we
> be suggesting the SHOULD earlier than 2017?

Perhaps we simply state the guiding design principle.  Say:

A "collision attack" is one where an attacker can find two different messages that have the same hash value.  A hash function that is susceptible to practical collision attacks SHOULD NOT be used for cryptographic purposes.  The discovery of theoretical collision attacks against a given hash function SHOULD trigger a review of the continued suitability of the algorithm if alternatives are available and migration is viable.

Regards,
Roman
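
Added example, not part of the original message or of draft-ietf-cose-hash-algs: a generic birthday search against SHA-256 truncated to a few bytes, illustrating the point in the thread that collisions always exist and that what matters is the work needed to find one (about 2^(n/2) hashes for an n-bit output when the function has no structural weakness). The function names, the message prefix and the truncation lengths are assumptions chosen so the search finishes in well under a second.

```python
import hashlib
from itertools import count


def truncated_sha256(message: bytes, bits: int) -> bytes:
    """SHA-256 truncated to its leftmost `bits` bits (multiple of 8)."""
    if bits % 8 or not 8 <= bits <= 256:
        raise ValueError("bits must be a multiple of 8 between 8 and 256")
    return hashlib.sha256(message).digest()[: bits // 8]


def birthday_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Hash distinct messages until two truncated digests match.

    Returns (msg_a, msg_b, hashes_computed). No weakness of SHA-256 is
    used; the cost depends only on the output length.
    """
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()  # constructed, distinct per i
        digest = truncated_sha256(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg


def generic_collision_work(bits: int) -> int:
    """Approximate hash evaluations for a generic collision: 2^(bits/2)."""
    return 2 ** (bits // 2)


if __name__ == "__main__":
    # Short outputs: a collision is found almost immediately.
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits}-bit output: collision after {n} hashes "
              f"(birthday estimate ~{generic_collision_work(bits)})")
    # Full-length outputs: the same search is out of reach, so an attack
    # only matters once it needs clearly less work than this bound.
    for name, bits in (("SHA-1", 160), ("SHA-256", 256)):
        print(f"{name}: generic collision work ~2^{bits // 2}")
```
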