Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC

Francis Dupont <Francis.Dupont@fdupont.fr> Wed, 08 December 2010 14:54 UTC

To: L.Wood@surrey.ac.uk
In-reply-to: Your message of Fri, 03 Dec 2010 17:32:23 GMT. <2E536B32-428C-4BC7-A784-9DA348979819@surrey.ac.uk>
Cc: wes@mti-systems.com, iesg@ietf.org, ietf@ietf.org

I have a concern about non-security usages of MD5 for practical reasons:
in some environments, including US Gov, crypto implementations (e.g.,
FIPS 140-2 HSMs) are required not to support MD5, so you may have to
choose between a compliant application and a conformant crypto,
for instance for DNS TSIG...

So IMHO it is still a good idea to avoid MD5 in any uses, even when
it is still far from having been proved insecure or for a use which is
not about security.

This could be caught by the "DEPRECATED" keyword in the registry,
but this registry doesn't seem to have usage entries?!

To conclude I am fine with the implicit conclusion of the I-D to
not use MD5 or HMAC-MD5 in new protocols.

Thanks

Francis.Dupont@fdupont.fr

PS: I am the gen-art reviewer for this document too.
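The "compliant application vs. conformant crypto" conflict above, as an added example that is not part of the mail or of any TSIG implementation: a TSIG algorithm chooser that prefers the SHA-2 HMACs and treats a backend refusing MD5 (as a FIPS-mode library does) as a normal outcome rather than an error. The TSIG algorithm names are from RFC 2845 / RFC 4635; the preference order and the `fips_like_backend` stand-in are assumptions made here.

```python
import hashlib
import hmac

# TSIG algorithm names (RFC 2845 / RFC 4635) mapped to hashlib digest names,
# strongest first. The names come from the RFCs; the ordering is our choice.
TSIG_PREFERENCE = [
    ("hmac-sha256.", "sha256"),
    ("hmac-sha1.", "sha1"),
    ("hmac-md5.sig-alg.reg.int.", "md5"),
]


def backend_supports(digest_name):
    """True if the local crypto backend will construct this digest.
    With OpenSSL in FIPS mode, hashlib.new('md5') raises ValueError."""
    try:
        hashlib.new(digest_name)
    except ValueError:
        return False
    return True


def choose_tsig_algorithm(peer_algorithms, supports=backend_supports):
    """Pick the strongest algorithm the peer offers AND the backend allows.
    Returns (tsig_name, digest_name), or None when there is no overlap,
    i.e. a peer that only speaks HMAC-MD5 against a backend that refuses it."""
    offered = {name.lower() for name in peer_algorithms}
    for tsig_name, digest_name in TSIG_PREFERENCE:
        if tsig_name in offered and supports(digest_name):
            return tsig_name, digest_name
    return None


def tsig_mac(digest_name, key, data):
    """HMAC over the TSIG-covered data with the negotiated digest (hex)."""
    return hmac.new(key, data, digest_name).hexdigest()


def fips_like_backend(digest_name):
    """Constructed stand-in for a FIPS-restricted backend: everything but MD5."""
    return digest_name != "md5"


if __name__ == "__main__":
    # Constructed peers: a legacy one offering only HMAC-MD5, and a modern one.
    legacy_peer = ["hmac-md5.sig-alg.reg.int."]
    modern_peer = ["hmac-md5.sig-alg.reg.int.", "hmac-sha256."]
    print(choose_tsig_algorithm(legacy_peer, fips_like_backend))  # None
    print(choose_tsig_algorithm(modern_peer, fips_like_backend))  # hmac-sha256.
```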