Re: [Gen-art] Gen-ART Telechat Review of draft-ietf-csi-hash-threat-09
Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 10 March 2010 04:00 UTC
Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 85C643A6AC9 for <gen-art@core3.amsl.com>; Tue, 9 Mar 2010 20:00:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7Z0O70ICnS7 for <gen-art@core3.amsl.com>; Tue, 9 Mar 2010 20:00:32 -0800 (PST)
Received: from imr1.ericy.com (imr1.ericy.com [198.24.6.9]) by core3.amsl.com (Postfix) with ESMTP id 76E183A681A for <gen-art@ietf.org>; Tue, 9 Mar 2010 20:00:32 -0800 (PST)
Received: from eusaamw0707.eamcs.ericsson.se ([147.117.20.32]) by imr1.ericy.com (8.13.1/8.13.1) with ESMTP id o2A43KJK003214; Tue, 9 Mar 2010 22:03:20 -0600
Received: from [142.133.10.113] (147.117.20.213) by eusaamw0707.eamcs.ericsson.se (147.117.20.92) with Microsoft SMTP Server id 8.1.375.2; Tue, 9 Mar 2010 23:00:35 -0500
Message-ID: <4B971860.4060507@ericsson.com>
Date: Tue, 09 Mar 2010 22:56:16 -0500
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: McCann Peter-A001034 <pete.mccann@motorola.com>
References: <274D46DDEB9F2244B2F1EA66B3FF54BC0657FA78@de01exm70.ds.mot.com>
In-Reply-To: <274D46DDEB9F2244B2F1EA66B3FF54BC0657FA78@de01exm70.ds.mot.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-csi-hash-threat.all@tools.ietf.org" <draft-ietf-csi-hash-threat.all@tools.ietf.org>
Subject: Re: [Gen-art] Gen-ART Telechat Review of draft-ietf-csi-hash-threat-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Mar 2010 04:00:33 -0000
Hi Pete, Thanks for the comments. Please see responses inline. On 10-03-09 05:32 PM, McCann Peter-A001034 wrote: > I have been selected as the General Area Review Team (Gen-ART) reviewer > for this draft (for background on Gen-ART, please see > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > > Please wait for direction from your document shepherd or AD before > posting a new version of the draft. > > Document: draft-ietf-csi-hash-threat-09 > Reviewer: Pete McCann > Review Date: 09 March 2010 > IESG Telechat date: 11 March 2010 > > Summary: A couple of minor issues, > and numerous editorial fixes are needed before publication. > > Major issues: None. > > Minor issues: > > Introduction: > There is a great variaty of hash functions, but only MD5 and SHA-1 > are in the wide use, which is also the case for SEND > This sentence makes a statement about MD5 and SHA-1 being the only > widely > used hash functions, but I can't figure out what it is saying about > SEND. > Is it saying that SEND is widely used? Or did you mean to say that SEND > implementations typically only implement MD5 and SHA-1? The latter. I propose changing the text to "There is a great variety of hash functions, but only MD5 and SHA-1 are widely used. SEND implementations also typically use these two hash algorithms." > > Section 3: > Supposing that the hash function > produces an n-bit long output, since each output is equally likely, > an attack takes an order of 2^n operations to be successful. > SHOULD SAY: "on the order of". OK. > But this sentence is just plain > incorrect (see below). > Due to > the birthday attack, if the hash function is supplied with a random > input, it returns one of the k equally-likely values, and the number > of operations can be reduced to the number of 1.2*2^(n/2) operations. > There is no "birthday attack." And I think you meant 2^n instead of k. > The result you give is due to an equation that is commonly illustrated > with > a problem known as the "birthday paradox." Right. A birthday attack is an attack that exploits the mathematics behind the birthday paradox. It is a fairly commonly used term. Would you like me to change something? > > Nits/editorial comments: Agree with you on all these comments. Will fix all these. Thanks Suresh
- [Gen-art] Gen-ART Telechat Review of draft-ietf-c… McCann Peter-A001034
- Re: [Gen-art] Gen-ART Telechat Review of draft-ie… Suresh Krishnan
- Re: [Gen-art] Gen-ART Telechat Review of draft-ie… Ana Kukec
- Re: [Gen-art] Gen-ART Telechat Review of draft-ie… McCann Peter-A001034