RE: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC
"Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]" <wesley.m.eddy@nasa.gov> Wed, 08 December 2010 20:10 UTC
From: "Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]" <wesley.m.eddy@nasa.gov>
To: Francis Dupont <Francis.Dupont@fdupont.fr>, "L.Wood@surrey.ac.uk" <L.Wood@surrey.ac.uk>
Date: Wed, 08 Dec 2010 14:08:03 -0600
Subject: RE: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC
Cc: "wes@mti-systems.com" <wes@mti-systems.com>, "iesg@ietf.org" <iesg@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

The logic doesn't make sense in this position. "Crypto modules can't use MD5, thus no protocols at all should use MD5."

________________________________________
From: ietf-bounces@ietf.org [ietf-bounces@ietf.org] On Behalf Of Francis Dupont [Francis.Dupont@fdupont.fr]
Sent: Wednesday, December 08, 2010 9:55 AM
To: L.Wood@surrey.ac.uk
Cc: wes@mti-systems.com; iesg@ietf.org; ietf@ietf.org
Subject: Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC

I have a concern about no security usages of MD5 for practical reasons: in some environments, including US Gov, crypto implementations (e.g., FIPS 140-2 HSMs) are required to not support MD5 so you can have to choose between a compliant application and a conformant crypto, for instance for DNS TSIG...

So IMHO it is still a good idea to avoid MD5 in any uses, even when it is still far to have been proved insecure or for a use which is not about security. This could be caught by the "DEPRECATED" keyword in the registry but this registry doesn't seem to have usage entries?!

To conclude I am fine with the implicit conclusion of the I-D to not use MD5 or HMAC-MD5 in new protocols.

Thanks

Francis.Dupont@fdupont.fr

PS: I am the gen-art reviewer for this document too.