Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC
Francis Dupont <Francis.Dupont@fdupont.fr> Thu, 09 December 2010 21:59 UTC
Return-Path: <Francis.Dupont@fdupont.fr>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6B68728C102; Thu, 9 Dec 2010 13:59:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.206
X-Spam-Level:
X-Spam-Status: No, score=-3.206 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BdshL8eJ+isz; Thu, 9 Dec 2010 13:59:17 -0800 (PST)
Received: from givry.fdupont.fr (givry.fdupont.fr [91.121.26.85]) by core3.amsl.com (Postfix) with ESMTP id 5A9CA28C0F3; Thu, 9 Dec 2010 13:59:17 -0800 (PST)
Received: from givry.fdupont.fr (localhost [127.0.0.1]) by givry.fdupont.fr (8.14.3/8.14.3) with ESMTP id oB9M0kJL049458; Thu, 9 Dec 2010 22:00:46 GMT (envelope-from dupont@givry.fdupont.fr)
Message-Id: <201012092200.oB9M0kJL049458@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: "Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]" <wesley.m.eddy@nasa.gov>
Subject: Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC
In-reply-to: Your message of Wed, 08 Dec 2010 21:01:32 CST. <C304DB494AC0C04C87C6A6E2FF5603DB482335838B@NDJSSCC01.ndc.nasa.gov>
Date: Thu, 09 Dec 2010 23:00:46 +0100
Sender: Francis.Dupont@fdupont.fr
Cc: "wes@mti-systems.com" <wes@mti-systems.com>, "iesg@ietf.org" <iesg@ietf.org>, "L.Wood@surrey.ac.uk" <L.Wood@surrey.ac.uk>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 21:59:18 -0000
In your previous mail you wrote: I think a published update to MD5 security considerations should clearly say what it's still fine to do with MD5, in addition to what it's not safe to do. This would mean adding a couple sentences, and that's about all it would really take to be clear on the issue: "Since RFC 1321 was published, MD5 found popular use in checksuming large file transfers. This use of MD5 is still reasonable, as the level of collision resistance is of less importance in this application and MD5 may be significantly more efficient than cryptographically stronger algorithms. Communications, networking, and storage systems prone to errors (e.g. due to faulty hardware, drivers, bit-errors, faulty NAT/ALG algorithms, etc) do not implement the known MD5 collision-finding algorithms, and MD5 remains highly effective at detecting such errors." => you are trying to amplify the practical issue so I can't see how it solves it (:-)... Regards Francis.Dupont@fdupont.fr PS: BTW IMHO a dedicated function should be better than MD5 for this use, of course to reuse MD5 is easier (and I did it too :-).
- Last Call: <draft-turner-md5-seccon-update-07.txt… L.Wood
- Re: Last Call: <draft-turner-md5-seccon-update-07… Sean Turner
- Re: Last Call: <draft-turner-md5-seccon-update-07… L.Wood
- Re: Last Call: <draft-turner-md5-seccon-update-07… Sam Hartman
- Re: Last Call: <draft-turner-md5-seccon-update-07… Martin Rex
- Re: Last Call: <draft-turner-md5-seccon-update-07… Martin Rex
- Re: Last Call: <draft-turner-md5-seccon-update-07… L.Wood
- Re: Last Call: <draft-turner-md5-seccon-update-07… L.Wood
- Re: Last Call: <draft-turner-md5-seccon-update-07… Francis Dupont
- RE: Last Call: <draft-turner-md5-seccon-update-07… Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]
- RE: Last Call: <draft-turner-md5-seccon-update-07… Christian Huitema
- Re: Last Call: <draft-turner-md5-seccon-update-07… Francis Dupont
- RE: Last Call: <draft-turner-md5-seccon-update-07… Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]
- Re: Last Call: <draft-turner-md5-seccon-update-07… Francis Dupont
- Re: Last Call: <draft-turner-md5-seccon-update-07… Francis Dupont
- Re: Last Call: <draft-turner-md5-seccon-update-07… Sean Turner
- Re: Last Call: <draft-turner-md5-seccon-update-07… Francis Dupont
- RE: Last Call: <draft-turner-md5-seccon-update-07… Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]
- Re: Last Call: <draft-turner-md5-seccon-update-07… Sam Hartman
- Re: Last Call: <draft-turner-md5-seccon-update-07… Sam Hartman
- Re: Last Call: <draft-turner-md5-seccon-update-07… Martin Rex
- Re: Last Call: <draft-turner-md5-seccon-update-07… Sam Hartman