RE: [Isis-wg] Context for IS-IS HMAC SHS

"Manav Bhatia" <manav_bhatia06@yahoo.co.uk> Tue, 17 April 2007 02:18 UTC

From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
To: 'RJ Atkinson' <rja@extremenetworks.com>
Subject: RE: [Isis-wg] Context for IS-IS HMAC SHS
Date: Tue, 17 Apr 2007 07:48:08 +0530
Organization: Alcatel-Lucent
Cc: isis-wg@ietf.org

Ran,
 
> NIST is the originator of and standards body for Secure Hash Standard
> (also called: Secure Hash Algorithm).  NIST provided specific
> mathematics to use for protection of IGP information when SHS
> is the algorithm in use.  I've talked with several different people
> at NIST.  Each one has said to use the same mathematics.
> 

We have discussed this *several* times offline and I have forwarded you
scores of mails from different leading cryptographers who agree with us that
using Apad does not really add anything substantial to the security of the
HMAC construct. So let us not say that there are folks who claim certain
things unless there is a paper, study or proof to back that up, because
there is an equal set of folks who think that the HMAC construct used in the
WG doc is correct and flawless.

> RFC-4822 and at least the one draft use the mathematics that
> NIST said to use.  Since the goal here is to make NIST happy,
> which in turn makes lots of end-users happy, it was an easy
> and quick decision just to follow their instructions.

But not necessarily the right one ..

If you remember I had sent you an email while RFC 4822 was still in the
draft stage citing a possible attack that could have been thwarted if we had
used some other value for the constant Apad. An authenticated
RFC-4822-compliant RIP network is still vulnerable to a host of malicious
attacks despite using NIST's SHA algorithms. Those could have been fixed
if we had been more circumspect and used a different value of Apad. These
attacks will get documented in the next version of
draft-manral-rpsec-existing-crypto-*. The solution would probably follow in
a subsequent draft.

> 
> The rationale for the mathematics really doesn't matter here.
> If IETF is working with cryptographic algorithm X and the
> standards-body for cryptographic algorithm X says to use
> that algorithm in a particular way, the IETF should do it
> that particular way.

I carefully read the Secure Hash Standard as described in the Federal
Information Processing Standards Publications issued by NIST after the
necessary approvals from the Secretary of Commerce and I could find no
mention of Apad there anywhere. It would be most helpful if you could point
out the relevant text in the following link that indicates NIST's
recommendation of using the Apad.

http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

I then read NIST's FIPS PUB 198 document that details how the HMAC should
be used in combination with an approved cryptographic hash function. There
also I could find no mention of the alleged benefits one reaps out of using
Apad. In fact the FIPS-198 does not even mention Apad and it has the same
cryptographic mathematics as described in the IS-IS WG doc.

http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf

Cheers,
Manav
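
The construction under discussion, as an added example that is not part of the original message or of any draft: HMAC written out step by step as FIPS 198 lays it out, applied to a toy packet whose authentication field holds a fill value while the MAC is computed. The packet layout, function names and key are constructed for illustration; the Apad value is the one RFC 4822 defines (0x878FE1F3 repeated L/4 times), which the message itself does not quote. It shows that the fill value is part of the authenticated input rather than part of the HMAC computation.

```python
import hashlib
import hmac

BLOCK = 64   # SHA-256 input block size B, in bytes
L = 32       # SHA-256 output length, in bytes

def fips198_hmac(key: bytes, text: bytes) -> bytes:
    """HMAC per FIPS 198: H((K0 ^ opad) || H((K0 ^ ipad) || text))."""
    if len(key) > BLOCK:                  # keys longer than B are hashed first
        key = hashlib.sha256(key).digest()
    k0 = key.ljust(BLOCK, b"\x00")        # then zero-padded to B bytes
    inner = bytes(b ^ 0x36 for b in k0)   # K0 xor ipad
    outer = bytes(b ^ 0x5C for b in k0)   # K0 xor opad
    inner_hash = hashlib.sha256(inner + text).digest()
    return hashlib.sha256(outer + inner_hash).digest()

# Assumption: Apad as defined in RFC 4822, not stated in the message above.
APAD = bytes.fromhex("878FE1F3") * (L // 4)
ZEROS = bytes(L)                          # the alternative: a zeroed field

def sign(key: bytes, header: bytes, body: bytes, fill: bytes) -> bytes:
    """Toy packet = header || auth field || body (constructed layout).
    The MAC is computed with the auth field set to `fill`, then stored there."""
    mac = fips198_hmac(key, header + fill + body)
    return header + mac + body

def verify(key: bytes, packet: bytes, hdr_len: int, fill: bytes) -> bool:
    """Put `fill` back into the auth field, recompute, compare in constant time."""
    header = packet[:hdr_len]
    mac = packet[hdr_len:hdr_len + L]
    body = packet[hdr_len + L:]
    expected = fips198_hmac(key, header + fill + body)
    return hmac.compare_digest(mac, expected)

if __name__ == "__main__":
    key = b"constructed-demo-key"
    pkt = sign(key, b"HDR1", b"route update", APAD)
    print(verify(key, pkt, 4, APAD), verify(key, pkt, 4, ZEROS))
```

Both peers must agree on the fill value: a receiver that restores zeros into the field rejects a packet signed over Apad, and vice versa, even though the HMAC function is identical in both cases.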
 


	
	
		