Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsis-nslp-auth-06

Lars Eggert <lars.eggert@nokia.com> Mon, 20 September 2010 14:08 UTC

To: Roland Bless <roland.bless@kit.edu>
Cc: Ben Campbell <ben@nostrum.com>, General Area Review Team <gen-art@ietf.org>, "draft-ietf-nsis-nslp-auth.all@tools.ietf.org" <draft-ietf-nsis-nslp-auth.all@tools.ietf.org>, IETF Discussion <ietf@ietf.org>

Hi,

where are we with regards to resolving this discuss?

Lars

On 2010-9-9, at 19:51, Roland Bless wrote:

> Hi Russ,
> 
> On 09.09.2010 16:56, Russ Housley wrote:
>> Will any implementations be impacted?  If not, we should ask the
>> Security ADs for their best suggestion.
> 
> At least we have one implementation, but it's nothing that
> we couldn't change easily. So getting advice from the security
> ADs would be good. RFC4270 recommends to change to
> HMAC-SHA-256+, but I don't know whether there exist already better
> alternatives.
> 
> Regards,
> Roland
> 
>> On 9/8/2010 7:24 PM, Roland Bless wrote:
>>>> -- section 4.1.1, 2nd paragraph:
>>>>> 
>>>>> Is HMAC-MD5 still a reasonable choice for a single mandatory-to-implement algorithm these days?
>>> Good question. I thought that HMACs are not so strongly
>>> affected by the discovered hash algorithm weaknesses w.r.t. collision
>>> attacks. I could change this to HMAC-SHA-256 though. Any
>>> other suggestions?
>>> 
> 