Re: Fw: [Ipsec] I-D ACTION:draft-kelly-ipsec-ciph-sha2-00.txt

"Steven M. Bellovin" <smb@cs.columbia.edu> Fri, 29 September 2006 20:28 UTC

Date: Fri, 29 Sep 2006 16:27:53 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Scott G. Kelly" <scott@hyperthought.com>
Subject: Re: Fw: [Ipsec] I-D ACTION:draft-kelly-ipsec-ciph-sha2-00.txt
Message-Id: <20060929162753.b39eac78.smb@cs.columbia.edu>
In-Reply-To: <13001419.1159549284566.JavaMail.root@elwamui-wigeon.atl.sa.earthlink.net>
References: <13001419.1159549284566.JavaMail.root@elwamui-wigeon.atl.sa.earthlink.net>
Organization: Columbia University
Cc: ipsec list <ipsec@ietf.org>, "Scott G. Kelly" <s.kelly@ix.netcom.com>

On Fri, 29 Sep 2006 13:01:24 -0400 (EDT), "Scott G. Kelly"
<s.kelly@ix.netcom.com> wrote:

> Please review and comment on this draft. It's a revamped version of
> draft-ietf-ipsec-ciph-sha2-01.txt, resurrected at Russ's request.  


I found 2.1.1 + 2.1.2 confusing.  2.1.1 says you can't have keys of other
than length 256.  I might quarrel with that -- I'd definitely have used
SHOULD NOT instead of MUST NOT -- but 2.1.2 tells you what to do if your
key isn't 256 bits long.  I perceive no increase in security from padding
a short key with zeros, nor do I understand why it's better to do a
SHA-256 reduction on a long key before using it with HMAC rather than
simply using the longer key directly.  And the notion of a variable key
length function where the variable is constrained to exactly one value is
a bit strange.

You might want to cite RFC 4634 as an Informative reference, since it has
code, and 4231 since it also gives definitions and code points for other
uses of HMAC-SHA-256.

Stepping back a bit, I personally would rather see a single RFC describing
how to use a number of different hash functions with HMAC.  I could almost
use a set of text editor substitution patterns to change this draft from
SHA-256 to SHA-384 or SHA-512.  The core of such a document would be a
table listing acceptable key sizes and truncation sizes for each function
considered.  An appendix could list test vectors.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
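The key-handling point raised above (zero-padding a short key, SHA-256-reducing a long key before HMAC) can be checked directly against HMAC's own key normalization from RFC 2104. The following is an added example, not part of the message or the draft under discussion: it writes HMAC-SHA-256 out step by step beside Python's standard `hmac` module, then shows that zero-padding a key of at most 256 bits changes nothing (HMAC already zero-pads to the 64-byte block size), that HMAC already hashes any key longer than 64 bytes, and that the draft-style SHA-256 reduction does change the MAC for keys between 33 and 64 bytes. The key and message values are constructed sample inputs.

```python
import hashlib
import hmac

# SHA-256 processes 64-byte (512-bit) blocks; RFC 2104 normalizes every
# HMAC key to exactly this length before the inner/outer hashes.
BLOCK_SIZE = 64


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA-256 via the standard library."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_sha256_from_scratch(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA-256 written out per RFC 2104 to expose the key handling:
    keys longer than the block size are hashed, then every key is
    zero-padded to the block size."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def zero_pad_to_256_bits(key: bytes) -> bytes:
    """Draft-style treatment of a short key: pad with zeros to 32 bytes."""
    return key.ljust(32, b"\x00")


def sha256_reduce(key: bytes) -> bytes:
    """Draft-style treatment of a long key: replace it by its SHA-256 digest."""
    return hashlib.sha256(key).digest()


def from_scratch_matches_library(key: bytes, msg: bytes) -> bool:
    return hmac_sha256_from_scratch(key, msg) == hmac_sha256(key, msg)


def short_key_zero_padding_is_noop(key: bytes, msg: bytes) -> bool:
    """For keys of at most 32 bytes, pre-padding with zeros yields the same
    MAC, because HMAC zero-pads to 64 bytes regardless."""
    assert len(key) <= 32
    return hmac_sha256(zero_pad_to_256_bits(key), msg) == hmac_sha256(key, msg)


def long_key_reduction_is_noop(key: bytes, msg: bytes) -> bool:
    """For keys longer than 64 bytes, HMAC hashes the key itself, so an
    explicit SHA-256 reduction beforehand yields the same MAC."""
    assert len(key) > BLOCK_SIZE
    return hmac_sha256(sha256_reduce(key), msg) == hmac_sha256(key, msg)


def medium_key_reduction_changes_mac(key: bytes, msg: bytes) -> bool:
    """For keys of 33..64 bytes HMAC uses the raw key, so reducing it first
    produces a different MAC: an interoperability difference between the
    two readings, not a security gain."""
    assert 32 < len(key) <= BLOCK_SIZE
    return hmac_sha256(sha256_reduce(key), msg) != hmac_sha256(key, msg)


# Constructed sample inputs (not from the draft's test vectors).
MSG = b"ESP packet payload (constructed sample)"
SHORT_KEY = b"sixteen-byte-key"          # 128 bits
MEDIUM_KEY = b"K" * 48                   # 384 bits: between 256 and 512
LONG_KEY = b"L" * 100                    # longer than the 64-byte block


if __name__ == "__main__":
    for k in (SHORT_KEY, MEDIUM_KEY, LONG_KEY):
        print(len(k), "byte key: from-scratch == stdlib:",
              from_scratch_matches_library(k, MSG))
    print("short key, zero-pad is a no-op:",
          short_key_zero_padding_is_noop(SHORT_KEY, MSG))
    print("long key, SHA-256 reduction is a no-op:",
          long_key_reduction_is_noop(LONG_KEY, MSG))
    print("medium key, SHA-256 reduction changes the MAC:",
          medium_key_reduction_changes_mac(MEDIUM_KEY, MSG))
```

Run as a script it prints True for every line. The two no-op results are what back the observation that the padding and reduction rules in 2.1.2 add nothing HMAC does not already do; the medium-key case shows the one range where the draft's rule would actually change the bytes on the wire, which matters for interoperability rather than strength.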
