[Gen-art] Gen-ART Telechat Review of draft-ietf-csi-hash-threat-09
"McCann Peter-A001034" <pete.mccann@motorola.com> Tue, 09 March 2010 22:32 UTC
I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-csi-hash-threat-09
Reviewer: Pete McCann
Review Date: 09 March 2010
IESG Telechat date: 11 March 2010

Summary: A couple of minor issues, and numerous editorial fixes are
needed before publication.

Major issues: None.

Minor issues:

Introduction:
   There is a great variaty of hash functions, but only MD5 and SHA-1
   are in the wide use, which is also the case for SEND
This sentence makes a statement about MD5 and SHA-1 being the only
widely used hash functions, but I can't figure out what it is saying
about SEND. Is it saying that SEND is widely used? Or did you mean
to say that SEND implementations typically only implement MD5 and
SHA-1?

Section 3:
   Supposing that the hash function produces an n-bit long output,
   since each output is equally likely, an attack takes an order of
   2^n operations to be successful.
SHOULD SAY: "on the order of". But this sentence is just plain
incorrect (see below).
   Due to the birthday attack, if the hash function is supplied with
   a random input, it returns one of the k equally-likely values, and
   the number of operations can be reduced to the number of
   1.2*2^(n/2) operations.
There is no "birthday attack." And I think you meant 2^n instead of
k. The result you give is due to an equation that is commonly
illustrated with a problem known as the "birthday paradox."

Nits/editorial comments:

Abstract:
   possible threats and the impact of recent
SHOULD BE:
   possible threats, and the impact of recent

   Current SEND specification
SHOULD BE:
   The current SEND specification

   support for the hash algorithm agility
SHOULD BE:
   support for hash algorithm agility

   The purpose of the document
SHOULD BE:
   The purpose of this document

   encode the hash agility
SHOULD BE:
   encode hash agility

Introduction:
   Key Hash field and
SHOULD BE:
   Key Hash field, and

   variaty
SHOULD BE:
   variety

   in the wide use
SHOULD BE:
   in wide use

   which has been well known for its weaknesses.
SHOULD BE:
   which has well known weaknesses.

   First hash attacks affected the compression function of MD5
SHOULD BE:
   Early hash attacks affected the compression function of MD5

   significantlly
SHOULD BE:
   a significantly

   on the way how
SHOULD BE:
   on the way in which

   underlaying
SHOULD BE:
   underlying
(repeated twice)

   way of use
SHOULD BE:
   use

   keep the protocol immune,
SHOULD BE:
   keep the protocol secure,

   matter of the hash
SHOULD BE:
   matter the hash

   with shared secrets, fingerprints,
SHOULD BE:
   with shared secrets, and fingerprints,

   The rest of the section
SHOULD BE:
   The rest of this section

   on SEND by the cases of use.
SHOULD BE:
   on SEND by each use case.

   the hash agility
SHOULD BE:
   hash agility

Section 3.1:
   the CGA hash agility
SHOULD BE:
   CGA hash agility

Section 3.2:
   allowe
SHOULD BE:
   allow

   biggest concer are
SHOULD BE:
   the biggest concerns are

   (if the IP prefix range used),
SHOULD BE:
   (if the IP prefix range were used);

   although, not broader than the prefix range
SHOULD BE:
   although, it could not be broader than the prefix range

   to the such human-readble data such
SHOULD BE:
   to such human-readable data

   attack improve
SHOULD BE:
   attack improves

Section 3.3:
   ND message and other fields, e.g. the Message Type Tag and ND
   options,
SHOULD BE:
   ND message, and other fields (e.g. the Message Type Tag and ND
   options),

   field the example of the non-repudiation digital singature,
SHOULD BE:
   field is an example of a digital signature that needs
   non-repudiation,

   more then
SHOULD BE:
   more than

   but in real-world situation is to achieve it.
SHOULD BE:
   but in a real-world situation it would be difficult to achieve it.

Section 3.4:
   provides the integrity
SHOULD BE:
   provides integrity

   4. Support for the hash agility in SEND
SHOULD BE:
   4. Support for hash agility in SEND

   Previous section showed
SHOULD BE:
   The previous section showed

   SEND context prevents those attacks of almost any use
SHOULD BE:
   The SEND context prevents these attacks from being of almost any
   use

   for the future
SHOULD BE:
   for future

   suggest the support for the hash and algorithm agility in SEND.
SHOULD BE:
   suggest support for hash and algorithm agility be added to SEND.

   secure would
SHOULD BE:
   secure method would

   then defining
SHOULD BE:
   than defining

   Possible solution is also the hybrid
SHOULD BE:
   Another possible solution is a hybrid

   One of possible solutions is the negotiation approach for the SEND
   hash agility
SHOULD BE:
   One possible solution is the negotiation approach for SEND hash
   agility

Section 6:
   offeres
SHOULD BE:
   offers

   providing solution for the hash
SHOULD BE:
   providing a solution for hash

   for the hash agility
SHOULD BE:
   for hash agility
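Added example, not part of the review or of the draft: the Section 3 comment above concerns the cost of finding two inputs with the same n-bit hash output. The sketch below measures that cost on SHA-256 truncated to 16 bits and compares it with the 2^(n/2) estimates over k = 2^n equally likely outputs; the truncation, the seeds and all function names are assumptions chosen for illustration.

```python
import hashlib
import math


def truncated_hash(data: bytes, n_bits: int) -> int:
    """Top n_bits of SHA-256, standing in for an ideal n-bit hash (assumption)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)


def hashes_until_collision(n_bits: int, seed: int) -> int:
    """Hash distinct inputs until two outputs match; return the hash count."""
    seen = set()
    count = 0
    while True:
        # Constructed inputs: a per-run seed followed by a counter.
        msg = seed.to_bytes(4, "big") + count.to_bytes(8, "big")
        count += 1
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return count
        seen.add(h)


def measure(n_bits: int = 16, runs: int = 400) -> dict:
    """Compare the measured collision cost with the birthday-bound estimates."""
    root = 2 ** (n_bits / 2)
    half_point = math.sqrt(2 * math.log(2)) * root  # ~1.18 * 2^(n/2): 50% chance
    expected = math.sqrt(math.pi / 2) * root        # ~1.25 * 2^(n/2): mean cost
    counts = [hashes_until_collision(n_bits, s) for s in range(runs)]
    return {
        "outputs": 2 ** n_bits,                     # k = 2^n possible values
        "half_point": half_point,
        "expected": expected,
        "mean_measured": sum(counts) / runs,
        "within_half_point": sum(c <= half_point for c in counts) / runs,
    }


if __name__ == "__main__":
    for key, value in measure().items():
        print(f"{key:>18}: {value:,.2f}")
```

With n = 16 there are 65536 possible outputs, yet a collision typically appears after a few hundred hashes, which is the gap between 2^n and 2^(n/2) that the comment points at.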