Re: [hiprg] Russ Housley's Discuss on draft-irtf-hiprg-dht-04: (with DISCUSS)
"Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> Wed, 02 November 2011 16:15 UTC
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: Russ Housley <housley@vigilsec.com>, The IESG <iesg@ietf.org>
Date: Wed, 02 Nov 2011 09:15:32 -0700
Cc: "hiprg@irtf.org" <hiprg@irtf.org>, Kathleen Moriarty <kathleen.moriarty@emc.com>, "draft-irtf-hiprg-dht@tools.ietf.org" <draft-irtf-hiprg-dht@tools.ietf.org>

> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
>
> The Gen-ART Review by Kathleen Moriarty on 20-Oct-2011 raised a
> concern about the use of SHA-1. The authors said a change would be
> made, but it has not been posted yet.
>

Below is new proposed text for the Security Considerations section of this draft. Does this sufficiently address the comments with regards to the use of SHA-1?

thanks,
-Jeff

"
The SHA-1 message digest algorithm is used in two ways in this document, and the security of using this algorithm should be considered within the context of [RFC6194]. The first use is with the OpenDHT put and remove operations, described in Section 2, and the second is to reduce the size of the name string for the HIT lookup service in Section 4.1.

The first use is intended to protect the secret values used to store records in the DHT as described by the OpenDHT interface. An attacker would be able to remove a record, after capturing the plaintext put, if a secret value could be found that produces the same secret hash. The purpose of this document is to maintain interoperable compatibility with that interface, which prescribes the use of SHA-1. Future revisions of that interface should consider hash algorithm agility. The OpenDHT FAQ states that future support for other hash algorithms is planned.

The second use of the SHA-1 algorithm is to reduce the arbitrarily-sized name strings to fit the fixed OpenDHT key size. No security properties of the SHA-1 algorithm are used in this context.
"
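The two SHA-1 uses described in the proposed text, as an added example that is not part of the original message and is not OpenDHT or draft code. It is a simplified in-memory model: `ToyDHT`, `name_to_key`, `demo` and all sample values are hypothetical and constructed for illustration, and the remove call takes the value itself rather than a value hash.

```python
import hashlib
import hmac


def name_to_key(name: str) -> bytes:
    """Second use: shrink an arbitrary-length name to a fixed 20-byte key."""
    return hashlib.sha1(name.encode("utf-8")).digest()


class ToyDHT:
    """In-memory stand-in for a DHT with removable puts (hypothetical model)."""

    def __init__(self):
        self.records = {}  # key -> list of (value, secret_hash)

    def put(self, key: bytes, value: bytes, secret_hash: bytes) -> None:
        # Only the hash of the secret travels in the put and is stored.
        self.records.setdefault(key, []).append((value, secret_hash))

    def remove(self, key: bytes, value: bytes, secret: bytes) -> bool:
        # The remove reveals the secret; the store recomputes SHA-1 over it.
        offered = hashlib.sha1(secret).digest()
        kept, removed = [], False
        for stored_value, stored_hash in self.records.get(key, []):
            if stored_value == value and hmac.compare_digest(stored_hash, offered):
                removed = True
            else:
                kept.append((stored_value, stored_hash))
        self.records[key] = kept
        return removed

    def get(self, key: bytes) -> list:
        return [v for v, _ in self.records.get(key, [])]


def demo():
    dht = ToyDHT()
    key = name_to_key("host.example.com")  # constructed sample name
    secret = b"constructed-secret-value"   # constructed sample secret
    value = b"constructed HIT record"      # constructed sample value
    dht.put(key, value, hashlib.sha1(secret).digest())
    # An observer of the plaintext put holds the secret's hash, not the secret,
    # so removal depends on SHA-1 preimage resistance.
    observed_hash = dht.records[key][0][1]
    rejected = dht.remove(key, value, observed_hash)
    still_there = dht.get(key) == [value]
    accepted = dht.remove(key, value, secret)
    return len(key), rejected, still_there, accepted, dht.get(key)
```
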