Re: [hiprg] use of sha-1 in the DHT interface draft
"Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> Fri, 21 October 2011 15:00 UTC
Return-Path: <jeffrey.m.ahrenholz@boeing.com>
X-Original-To: hiprg@ietfa.amsl.com
Delivered-To: hiprg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6799721F8C1E for <hiprg@ietfa.amsl.com>; Fri, 21 Oct 2011 08:00:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3rrU1WtvrLA9 for <hiprg@ietfa.amsl.com>; Fri, 21 Oct 2011 08:00:01 -0700 (PDT)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by ietfa.amsl.com (Postfix) with ESMTP id B7A7721F8C22 for <hiprg@irtf.org>; Fri, 21 Oct 2011 08:00:01 -0700 (PDT)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id p9LExtan022108 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hiprg@irtf.org>; Fri, 21 Oct 2011 07:59:58 -0700 (PDT)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id p9LExtsF008413 for <hiprg@irtf.org>; Fri, 21 Oct 2011 07:59:55 -0700 (PDT)
Received: from XCH-NWHT-10.nw.nos.boeing.com (xch-nwht-10.nw.nos.boeing.com [130.247.25.113]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id p9LExtcv008408 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for <hiprg@irtf.org>; Fri, 21 Oct 2011 07:59:55 -0700 (PDT)
Received: from XCH-NW-12V.nw.nos.boeing.com ([130.247.25.246]) by XCH-NWHT-10.nw.nos.boeing.com ([130.247.25.113]) with mapi; Fri, 21 Oct 2011 07:59:55 -0700
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>, "hiprg@irtf.org" <hiprg@irtf.org>
Date: Fri, 21 Oct 2011 07:59:57 -0700
Thread-Topic: use of sha-1 in the DHT interface draft
Thread-Index: AcyPMhu12S232/FYTZeFIp5WqSol+QAHb2kgAAxGKRAAHo84kA==
Message-ID: <FD98F9C3CBABA74E89B5D4B5DE0263B9379F1116CA@XCH-NW-12V.nw.nos.boeing.com>
References: <FD98F9C3CBABA74E89B5D4B5DE0263B9379F111483@XCH-NW-12V.nw.nos.boeing.com> <7CC566635CFE364D87DC5803D4712A6C4CF18DF866@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CF18DF866@XCH-NW-10V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [hiprg] use of sha-1 in the DHT interface draft
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2011 15:00:02 -0000
> However, my understanding is that the DHT server does not enforce the > use of SHA-1; modified clients (that are HIP-aware) could use SHA-256 > truncated to 160 bits. The DHT server does use SHA-1 internally to process removes. If the client uses another hash function, the secret given in the DHT remove will not match the SHA-1 hash used in the put. The draft does not currently require a modified OpenDHT/Bamboo server. It states in sections 3 and 7 that the server MAY/SHOULD be modified for signature and host ID verification (it looks like the "MAY" in section 3 should be changed to "SHOULD".) Use of another hash algorithm would require further server modifications (and specifying an interface that deviates from OpenDHT.) > - keep the draft as is, citing that OpenDHT interface prescribes SHA-1, > and that the other usage of SHA-1 is not trying to obtain any crypto > properties. However, the implication of this is we will need to add > more text in the security section and elsewhere to defuse this "red > flag" I would prefer the above option. The security considerations section can include text about deviating from the OpenDHT interface in order to support other hash functions. The original intent of the draft was to re-use the freely-available OpenDHT interface in an interoperable fashion. -Jeff
- [hiprg] use of sha-1 in the DHT interface draft Henderson, Thomas R
- Re: [hiprg] use of sha-1 in the DHT interface dra… Miika Komu
- Re: [hiprg] use of sha-1 in the DHT interface dra… Tobias Heer
- Re: [hiprg] use of sha-1 in the DHT interface dra… Samu Varjonen
- Re: [hiprg] use of sha-1 in the DHT interface dra… Ahrenholz, Jeffrey M
- Re: [hiprg] use of sha-1 in the DHT interface dra… Henderson, Thomas R
- Re: [hiprg] use of sha-1 in the DHT interface dra… Tobias Heer
- Re: [hiprg] use of sha-1 in the DHT interface dra… L.Wood
- Re: [hiprg] use of sha-1 in the DHT interface dra… Miika Komu