Re: Remove little-used algorithms from IKEv2
Dan McDonald <danmcd@east.sun.com> Thu, 14 March 2002 22:19 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g2EMJn425934; Thu, 14 Mar 2002 14:19:49 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id QAA06356 Thu, 14 Mar 2002 16:42:14 -0500 (EST)
Message-Id: <200203142153.g2ELrtDq022893@kebe.east.sun.com>
Subject: Re: Remove little-used algorithms from IKEv2
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F405869A08@vhqpostal.verisign.com> from "Hallam-Baker, Phillip" at "Mar 14, 2002 12:32:33 pm"
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Date: Thu, 14 Mar 2002 16:53:55 -0500
CC: ipsec@lists.tislabs.com
From: Dan McDonald <danmcd@east.sun.com>
Organization: Sun Microsystems, Inc. - Solaris Internet Engineering
X-Mailer: ELM [version 2.4ME+ PL66 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
> Any reason for keeping the MD5 algorithms given their somewhat compromised
> status?
>
> MD5 and SHA are pretty close and share the same internal structure so I
> don't think we can really justify MD5 as a fallback to SHA-1, particularly
> in the light of the Dobbertin results.

Hmmm, I thought HMAC prevented these problems. Here's a note from a w3c list
that forwards a conversation between Dobbertin and IPsec list regular Hugo
Krawczyk:

    http://lists.w3.org/Archives/Public/ietf-tls/1996AprJun/0111.html

MD5 is a far better performer than SHA-1 - especially if you work around
MD5's poor assumptions that all-the-world's-an-Intel.

> We should anticipate that the AES based SHA-2 algorithms will appear in due
> course so it is not as if there would only be one algorithm

Now _this_ is a better point, but removing MD5 from IKE based on just
Dobbertin is not sufficient, IMHO.

Also, these proposed removals are for IKE only, not for AH/ESP, correct?
HMAC-MD5 is still quite sufficient for packet integrity, and like I said, it
smokes compared with SHA. Perhaps we should be looking at UMAC for future
AH/ESP secure hashes?

Dan
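The message above turns on the distinction between a bare hash (where Dobbertin's collision work applies) and the HMAC construction around it. The following Python is an added illustration, not part of this thread or of any IPsec implementation: it builds HMAC from scratch exactly as RFC 2104 defines it (inner hash keyed with K XOR ipad, outer hash keyed with K XOR opad), checks the result for both MD5 and SHA-1 against the RFC 2202 test vectors and against Python's own `hmac` module, and shows the 96-bit truncation that RFC 2403 (HMAC-MD5-96) and RFC 2404 (HMAC-SHA-1-96) specify for AH/ESP integrity. The function names and the constant-time verifier are this example's own choices.

```python
import hashlib
import hmac


def hmac_rfc2104(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104, built only from the underlying hash.

    tag = H((K XOR opad) || H((K XOR ipad) || msg))

    The secret key is folded into both hash invocations, so an attacker
    who can find collisions for the unkeyed hash still does not control
    the inputs to either application; this is why a collision result
    against MD5 itself does not directly yield an HMAC-MD5 forgery.
    """
    h = hashlib.new(hash_name)
    block_size = h.block_size  # 64 bytes for MD5 and SHA-1
    if len(key) > block_size:  # long keys are hashed down first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")  # zero-pad to one block
    ipad_key = bytes(b ^ 0x36 for b in key)
    opad_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad_key + msg).digest()
    return hashlib.new(hash_name, opad_key + inner).digest()


def hmac_96(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """Leftmost 96 bits, as AH/ESP carry it (RFC 2403 / RFC 2404)."""
    return hmac_rfc2104(hash_name, key, msg)[:12]


def verify_96(hash_name: str, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time check of a truncated ICV against the packet contents."""
    return hmac.compare_digest(hmac_96(hash_name, key, msg), tag)


def rfc2202_case1() -> dict:
    """RFC 2202 test case 1 for both algorithms, plus a stdlib cross-check."""
    msg = b"Hi There"
    md5_key = b"\x0b" * 16
    sha1_key = b"\x0b" * 20
    return {
        "md5": hmac_rfc2104("md5", md5_key, msg).hex(),
        "sha1": hmac_rfc2104("sha1", sha1_key, msg).hex(),
        "md5_matches_stdlib": hmac_rfc2104("md5", md5_key, msg)
        == hmac.new(md5_key, msg, "md5").digest(),
        "sha1_matches_stdlib": hmac_rfc2104("sha1", sha1_key, msg)
        == hmac.new(sha1_key, msg, "sha1").digest(),
    }


if __name__ == "__main__":
    for name, value in rfc2202_case1().items():
        print(f"{name}: {value}")
    # Constructed sample: a packet whose ICV was computed under one key
    # fails to verify once a single byte of the payload is altered.
    key = b"constructed-example-key"
    packet = b"constructed ESP payload bytes"
    icv = hmac_96("md5", key, packet)
    print("intact  :", verify_96("md5", key, packet, icv))
    print("tampered:", verify_96("md5", key, packet[:-1] + b"!", icv))
```

Run it directly to print the RFC 2202 digests; the truncation to 96 bits is a protocol choice about packet overhead and does not change the keyed construction that the thread is discussing.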
- Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- RE: Remove little-used algorithms from IKEv2 Hallam-Baker, Phillip
- RE: Remove little-used algorithms from IKEv2 Henry Spencer
- Re: Remove little-used algorithms from IKEv2 Paul Koning
- Re: Remove little-used algorithms from IKEv2 Dan McDonald
- RE: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- RE: Remove little-used algorithms from IKEv2 Hallam-Baker, Phillip
- Re: Remove little-used algorithms from IKEv2 Derek Atkins
- Re: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Uri Blumenthal
- Re: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Henry Spencer
- Re: Remove little-used algorithms from IKEv2 Paul Koning
- RE: Remove little-used algorithms from IKEv2 Hallam-Baker, Phillip
- Re: Remove little-used algorithms from IKEv2 Stephane Beaulieu
- RE: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Dan McDonald