IETF Logo Mail Archive

Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated

<L.Wood@surrey.ac.uk> Sat, 04 December 2010 11:42 UTC

Return-Path: <L.Wood@surrey.ac.uk>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A74A43A68BA; Sat, 4 Dec 2010 03:42:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.549
X-Spam-Level:
X-Spam-Status: No, score=-6.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S77Nyealus9R; Sat, 4 Dec 2010 03:42:12 -0800 (PST)
Received: from mail78.messagelabs.com (mail78.messagelabs.com [195.245.230.131]) by core3.amsl.com (Postfix) with ESMTP id 42DB03A6AAB; Sat, 4 Dec 2010 03:42:10 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: L.Wood@surrey.ac.uk
X-Msg-Ref: server-7.tower-78.messagelabs.com!1291463009!22152019!1
X-StarScan-Version: 6.2.9; banners=-,-,-
X-Originating-IP: [131.227.200.39]
Received: (qmail 4852 invoked from network); 4 Dec 2010 11:43:29 -0000
Received: from unknown (HELO EXHT012P.surrey.ac.uk) (131.227.200.39) by server-7.tower-78.messagelabs.com with AES128-SHA encrypted SMTP; 4 Dec 2010 11:43:29 -0000
Received: from EXMB01CMS.surrey.ac.uk ([169.254.1.245]) by EXHT012P.surrey.ac.uk ([131.227.200.39]) with mapi; Sat, 4 Dec 2010 11:43:29 +0000
From: L.Wood@surrey.ac.uk
To: mrex@sap.com
Date: Sat, 04 Dec 2010 11:43:27 +0000
Subject: Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated
Thread-Topic: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated
Thread-Index: AcuTqHeBtHSjQwDBSC6qaqg4P1imoQ==
Message-ID: <B94FFF85-AA2A-41FF-A9BA-754B1BC8A048@surrey.ac.uk>
References: <201012040323.oB43NNj1010786@fs4113.wdf.sap.corp>
In-Reply-To: <201012040323.oB43NNj1010786@fs4113.wdf.sap.corp>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Mon, 06 Dec 2010 07:31:30 -0800
Cc: wes@mti-systems.com, iesg@ietf.org, L.Wood@surrey.ac.uk, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Dec 2010 11:42:13 -0000

On 4 Dec 2010, at 03:23, Martin Rex wrote:

> Although the attacks against MD5 published so far are practical only
> for creating collision pairs, there has not been published a practical
> preimage attack against MD5.  But the practical collision attack alone
> is devastating for several integrity protection usage scenarios.

I am wondering how the authors of RFC4270 wound up misusing the 'integrity
protection' term to cover both intentional (attack) and unintentional 
modifications, whereas reliability checking covers only the latter.
But, to the security mindset, everything is an attack.

I've now filed two errata on RFC4270.

regards,

L.

Lloyd Wood
L.Wood@surrey.ac.uk
http://sat-net.com/L.Wood

v2.23.0 | Report a Bug | By Email