Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsis-nslp-auth-06
Roland Bless <roland.bless@kit.edu> Thu, 09 September 2010 16:51 UTC
Return-Path: <roland.bless@kit.edu>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4AE613A68D6; Thu, 9 Sep 2010 09:51:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.04
X-Spam-Level:
X-Spam-Status: No, score=-6.04 tagged_above=-999 required=5 tests=[AWL=0.209, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0tye8wf9nHVz; Thu, 9 Sep 2010 09:51:00 -0700 (PDT)
Received: from iramx2.ira.uni-karlsruhe.de (iramx2.ira.uni-karlsruhe.de [141.3.10.81]) by core3.amsl.com (Postfix) with ESMTP id 5BC163A6816; Thu, 9 Sep 2010 09:50:57 -0700 (PDT)
Received: from irams1.ira.uni-karlsruhe.de ([141.3.10.5]) by iramx2.ira.uni-karlsruhe.de with esmtps port 25 id 1OtkLE-0006kH-Dq; Thu, 09 Sep 2010 18:51:21 +0200
Received: from i72ms.tm.uni-karlsruhe.de ([141.3.70.5] helo=smtp.ipv6.tm.uni-karlsruhe.de) by irams1.ira.uni-karlsruhe.de with esmtps port 25 id 1OtkLD-0006AT-Rw; Thu, 09 Sep 2010 18:51:15 +0200
Received: from vorta.tm.uka.de (i72vorta.ipv6.tm.uni-karlsruhe.de [IPv6:2001:638:204:6:21b:fcff:fe96:fe02]) by smtp.ipv6.tm.uni-karlsruhe.de (Postfix) with ESMTP id C259E2FC046; Thu, 9 Sep 2010 18:51:15 +0200 (CEST)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by vorta.tm.uka.de (Postfix) with ESMTPS id 29C01794; Thu, 9 Sep 2010 18:51:52 +0200 (CEST)
Message-ID: <4C891082.5090803@kit.edu>
Date: Thu, 09 Sep 2010 18:51:14 +0200
From: Roland Bless <roland.bless@kit.edu>
Organization: Institute of Telematics, Karlsruhe Institute of Technology (KIT)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060111 Thunderbird/1.5 Mnenhy/0.7.3.0
MIME-Version: 1.0
To: Russ Housley <housley@vigilsec.com>
Subject: Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsis-nslp-auth-06
References: <74BBA174-C2A2-49F4-89F6-873146DD6655@nostrum.com> <4C881B47.7080506@kit.edu> <4C88F587.2080809@vigilsec.com>
In-Reply-To: <4C88F587.2080809@vigilsec.com>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-ATIS-AV: ClamAV (irams1.ira.uni-karlsruhe.de)
X-ATIS-AV: ClamAV (iramx2.ira.uni-karlsruhe.de)
X-ATIS-AV: Kaspersky (iramx2.ira.uni-karlsruhe.de)
X-ATIS-Timestamp: iramx2.ira.uni-karlsruhe.de 1284051082.041184000
Cc: Ben Campbell <ben@nostrum.com>, General Area Review Team <gen-art@ietf.org>, draft-ietf-nsis-nslp-auth.all@tools.ietf.org, IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Sep 2010 16:51:08 -0000
Hi Russ, On 09.09.2010 16:56, Russ Housley wrote: > Will any implementations be impacted? If not, we should ask the > Security ADs for their best suggestion. At least we have one implementation, but it's nothing that we couldn't change easily. So getting advice from the security ADs would be good. RFC4270 recommends to change to HMAC-SHA-256+, but I don't know whether there exist already better alternatives. Regards, Roland > On 9/8/2010 7:24 PM, Roland Bless wrote: >>> -- section 4.1.1, 2nd paragraph: >>>> >>>> Is HMAC-MD5 still a reasonable choice for a single mandatory-to-implement algorithm these days? >> Good question. I thought that HMACs are not so strongly >> affected by the discovered hash algorithm weaknesses w.r.t. collision >> attacks. I could change this to HMAC-SHA-256 though. Any >> other suggestions? >>
- Gen-ART LC Review of draft-ietf-nsis-nslp-auth-06 Ben Campbell
- Re: Gen-ART LC Review of draft-ietf-nsis-nslp-aut… Roland Bless
- Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsi… Russ Housley
- Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsi… Roland Bless
- Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsi… Lars Eggert
- Re: [Gen-art] Gen-ART LC Review of draft-ietf-nsi… RJ Atkinson