IETF Logo Mail Archive

Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt

Russ White <riw@cisco.com> Tue, 06 March 2007 12:49 UTC

Return-path: <isis-wg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOZ78-0000Gy-AX; Tue, 06 Mar 2007 07:49:58 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNHSB-0000Bm-4g for isis-wg@ietf.org; Fri, 02 Mar 2007 18:46:23 -0500
Received: from xmail03.myhosting.com ([168.144.250.18]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HNHS9-0008JJ-T4 for isis-wg@ietf.org; Fri, 02 Mar 2007 18:46:23 -0500
Received: (qmail 24459 invoked from network); 2 Mar 2007 23:46:21 -0000
Received: from unknown (HELO [192.168.100.205]) (Authenticated-user:_russ@riw.us@[65.190.218.139]) (envelope-sender <riw@cisco.com>) by xmail03.myhosting.com (qmail-ldap-1.03) with SMTP for <tli@cisco.com>; 2 Mar 2007 23:46:21 -0000
Message-ID: <45E8B735.5060405@cisco.com>
Date: Fri, 02 Mar 2007 18:45:57 -0500
From: Russ White <riw@cisco.com>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: Tony Li <tli@cisco.com>
Subject: Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt
References: <7993FE39-A603-4830-B63F-9615A38B3DEA@cisco.com> <45E88174.7040208@ipinfusion.com> <5B7CE451-04FE-42EC-B786-8F952C3F8C0A@cisco.com>
In-Reply-To: <5B7CE451-04FE-42EC-B786-8F952C3F8C0A@cisco.com>
X-Enigmail-Version: 0.94.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a7d6aff76b15f3f56fcb94490e1052e4
X-Mailman-Approved-At: Tue, 06 Mar 2007 07:49:57 -0500
Cc: isis-wg@ietf.org
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isis-wg>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
Errors-To: isis-wg-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Thus, collisions with a hashing function are *inevitable*.

The question is, as I've always understood it (?), how long does it take
to produce such a collision? The most recent number I saw, probably two
years ago, I think, was in a presentation by Russ Housley, and was on
the order of 14 seconds.

> This does not make them insecure.  Our purpose in using a hashing
> function is to provide authentication.  We wish to ensure that an
> attacker cannot take an arbitrary packet P' and compute a similar hash
> without knowing the secret.  Collision attacks do not give an attacker
> that capability.

No, but if you can find a large number of packets with a matching hash
in a short period of time, then you may be able to find one that does
have all the correct syntax of a normal IS-IS packets.

I don't think any of us have the definitive answers here, we're just
going by what we've seen in presentations, and on mailing lists, etc. My
general understanding is that there's always points of argument in the
security world, of course, but the idea is to point the way forward
before this becomes an issue, and not after, I think.

:-)

Russ

- --
riw@cisco.com CCIE <>< Grace Alone

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF6Lc1ER27sUhU9OQRAodXAJ0Q96roXfy13d8BWVNgArdpyp3yDACfUViy
zIcr+pJqUKtlsw8GLaYVkMs=
=w2MH
-----END PGP SIGNATURE-----

_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg

v2.23.0 | Report a Bug | By Email