Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt
Russ White <riw@cisco.com> Tue, 06 March 2007 12:49 UTC
Return-path: <isis-wg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOZ78-0000Gy-AX; Tue, 06 Mar 2007 07:49:58 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNHSB-0000Bm-4g for isis-wg@ietf.org; Fri, 02 Mar 2007 18:46:23 -0500
Received: from xmail03.myhosting.com ([168.144.250.18]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HNHS9-0008JJ-T4 for isis-wg@ietf.org; Fri, 02 Mar 2007 18:46:23 -0500
Received: (qmail 24459 invoked from network); 2 Mar 2007 23:46:21 -0000
Received: from unknown (HELO [192.168.100.205]) (Authenticated-user:_russ@riw.us@[65.190.218.139]) (envelope-sender <riw@cisco.com>) by xmail03.myhosting.com (qmail-ldap-1.03) with SMTP for <tli@cisco.com>; 2 Mar 2007 23:46:21 -0000
Message-ID: <45E8B735.5060405@cisco.com>
Date: Fri, 02 Mar 2007 18:45:57 -0500
From: Russ White <riw@cisco.com>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: Tony Li <tli@cisco.com>
Subject: Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt
References: <7993FE39-A603-4830-B63F-9615A38B3DEA@cisco.com> <45E88174.7040208@ipinfusion.com> <5B7CE451-04FE-42EC-B786-8F952C3F8C0A@cisco.com>
In-Reply-To: <5B7CE451-04FE-42EC-B786-8F952C3F8C0A@cisco.com>
X-Enigmail-Version: 0.94.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a7d6aff76b15f3f56fcb94490e1052e4
X-Mailman-Approved-At: Tue, 06 Mar 2007 07:49:57 -0500
Cc: isis-wg@ietf.org
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isis-wg>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
Errors-To: isis-wg-bounces@ietf.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Thus, collisions with a hashing function are *inevitable*. The question is, as I've always understood it (?), how long does it take to produce such a collision? The most recent number I saw, probably two years ago, I think, was in a presentation by Russ Housley, and was on the order of 14 seconds. > This does not make them insecure. Our purpose in using a hashing > function is to provide authentication. We wish to ensure that an > attacker cannot take an arbitrary packet P' and compute a similar hash > without knowing the secret. Collision attacks do not give an attacker > that capability. No, but if you can find a large number of packets with a matching hash in a short period of time, then you may be able to find one that does have all the correct syntax of a normal IS-IS packets. I don't think any of us have the definitive answers here, we're just going by what we've seen in presentations, and on mailing lists, etc. My general understanding is that there's always points of argument in the security world, of course, but the idea is to point the way forward before this becomes an issue, and not after, I think. :-) Russ - -- riw@cisco.com CCIE <>< Grace Alone -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF6Lc1ER27sUhU9OQRAodXAJ0Q96roXfy13d8BWVNgArdpyp3yDACfUViy zIcr+pJqUKtlsw8GLaYVkMs= =w2MH -----END PGP SIGNATURE----- _______________________________________________ Isis-wg mailing list Isis-wg@ietf.org https://www1.ietf.org/mailman/listinfo/isis-wg
- [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.… Tony Li
- Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Vishwas Manral
- Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Vishwas Manral
- Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Vishwas Manral
- Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Vishwas Manral
- RE: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Parker, Jeff
- Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Vishwas Manral
- Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Tony Li
- Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis… Russ White