Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt

Vishwas Manral <vishwas@ipinfusion.com> Fri, 02 March 2007 19:57 UTC

Message-ID: <45E88174.7040208@ipinfusion.com>
Date: Fri, 02 Mar 2007 11:56:36 -0800
From: Vishwas Manral <vishwas@ipinfusion.com>
To: Tony Li <tli@cisco.com>
Subject: Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt
References: <7993FE39-A603-4830-B63F-9615A38B3DEA@cisco.com>
In-Reply-To: <7993FE39-A603-4830-B63F-9615A38B3DEA@cisco.com>
Cc: isis-wg@ietf.org

Hi Tony,

I understand your concern. I understand the statement saying "making MD5 
very insecure" needs to be well qualified. I agree it is a problem when 
MD5 is used for hashing before a document is signed, as two different 
documents could then have the same hash and hence the same sign. It may 
not necessarily be true in the IS-IS case.

I totally understand that the collision in Hash Functions does not 
necessarily cause the hash mechanism as used in IS-IS to break. 
Collisions are however against the basic design of hash functions. Maybe 
the text needs to be clarified.

In fact you will see that in the document, citing issues with current 
security mechanisms, I have stated the fact that having the checksum 
mitigates the attack. However some protocols (OSPF for sure, not sure 
about IS-IS) disable checksum calculation when the security hashing is 
used.

Do let me know if I am wrong here?

Thanks,
Vishwas

Tony Li wrote:
> Hi,
>
> I'd like to take exception to some language found in this draft.  I 
> quote:
>
>   The HMAC-MD5 scheme is also not good enough as there have recently
>    been reports about attacks on the collision resistance properties of
>    MD5 [MD5-attack]. MD5CRK, was a distributed computing project to
>    break the MD5 hash algorithm in a short period of time. The project
>    closed down with the publication of the paper [MD5-attack].
>
>    It was discovered that collisions can be found in MD5 algorithm in
>    less than 24 hours, making MD5 very insecure.
>
> I find this language to simply be irresponsible in that it 
> misconstrues an attack vector and then draws a completely incorrect 
> conclusion and reports it using the most incendiary language possible.
>
> It is correct that it is possible to quickly find a collision for an 
> MD5 hash.  However, just finding a collision does not give an attacker 
> a mechanism to compute a correct hash for an arbitrary packet.  Thus, 
> the attacker does not have a mechanism to forge arbitrary packets and 
> have them injected into IS-IS.  In fact, the most that this process 
> will do is allow the attacker to calculate some other, effectively 
> pseudo-random packet that would have an identical hash.  The odds of 
> such a packet being a syntactically correct IS-IS PDU are long indeed 
> (e.g., is the Fletcher checksum correct?), and the odds of it further 
> performing some attack of interest within an IS-IS domain are longer 
> still.
>
> Note that I do not disagree that there is a need for replacement 
> algorithms.  Experience has shown that all cryptographic algorithms 
> will eventually be compromised in serious ways.  However, the attack 
> cited is simply not in that category and it is wholly unreasonable to 
> claim that the sky is falling.
>
> I recommend that the WG not accept this draft until this language is 
> revised.
>
> Regards,
> Tony
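The following is an added example, not part of this thread or of any IS-IS implementation, that makes the two points above concrete: the receiver checks an unkeyed Fletcher checksum (ISO 8473 Annex C / RFC 1008) and a keyed HMAC-MD5 tag, and it is the shared key, not MD5's collision resistance, that stops an outsider from producing a tag that verifies. The PDU layout, field offsets, header bytes and key are constructed here for clarity and do not reproduce the exact IS-IS wire format; the real encoding (authentication TLV, which fields are zeroed before hashing) is specified in the relevant RFCs.

```python
import hashlib
import hmac

# Constructed, simplified PDU layout for this example (not the exact IS-IS wire
# format; the offsets below are an assumption made here for clarity):
#   bytes 0..1   : fixed header
#   bytes 2..3   : Fletcher checksum (ISO 8473 Annex C / RFC 1008) over the whole PDU
#   bytes 4..19  : 16-octet HMAC-MD5 digest (computed with checksum and digest zeroed)
#   bytes 20..   : payload
CKSUM_OFF = 2
DIGEST_OFF = 4
DIGEST_LEN = 16


def _fletcher_sums(data: bytes, zero_at: tuple = ()) -> tuple:
    """Running Fletcher sums c0/c1 mod 255, treating the octets at `zero_at` as zero."""
    c0 = c1 = 0
    for i, b in enumerate(data):
        if i in zero_at:
            b = 0
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def fletcher_generate(data: bytes, ck_off: int) -> bytes:
    """Two checksum octets chosen so both sums over the completed PDU are 0 mod 255."""
    c0, c1 = _fletcher_sums(data, (ck_off, ck_off + 1))
    L, n = len(data), ck_off + 1  # n: 1-based position of the first checksum octet
    x = ((L - n) * c0 - c1) % 255
    y = (c1 - (L - n + 1) * c0) % 255
    return bytes([x or 255, y or 255])  # a zero result is sent as 255 (same residue mod 255)


def fletcher_verify(data: bytes) -> bool:
    """Valid when both sums over the PDU exactly as received are 0 mod 255."""
    return _fletcher_sums(data) == (0, 0)


def _zeroed(pdu: bytes) -> bytes:
    """Copy of the PDU with checksum and digest fields zeroed: the input to the MAC."""
    p = bytearray(pdu)
    p[CKSUM_OFF:CKSUM_OFF + 2] = bytes(2)
    p[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN] = bytes(DIGEST_LEN)
    return bytes(p)


def hmac_md5(pdu: bytes, key: bytes) -> bytes:
    """RFC 2104 HMAC with MD5 as the inner hash. Without the key, knowing how to
    collide MD5 does not yield a tag for a chosen PDU."""
    return hmac.new(key, _zeroed(pdu), hashlib.md5).digest()


def seal(header: bytes, payload: bytes, key: bytes) -> bytes:
    """Sender side: fill the digest over the zeroed PDU, then the checksum over everything."""
    pdu = bytearray(header + bytes(2) + bytes(DIGEST_LEN) + payload)
    pdu[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN] = hmac_md5(bytes(pdu), key)
    pdu[CKSUM_OFF:CKSUM_OFF + 2] = fletcher_generate(bytes(pdu), CKSUM_OFF)
    return bytes(pdu)


def verify(pdu: bytes, key: bytes) -> tuple:
    """Receiver side: returns (checksum_ok, mac_ok); the MAC compare is constant-time."""
    mac_ok = hmac.compare_digest(hmac_md5(pdu, key), pdu[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN])
    return fletcher_verify(pdu), mac_ok


def flip_last_byte(pdu: bytes, refresh_checksum: bool) -> bytes:
    """Alter one payload octet; optionally recompute the unkeyed checksum, which
    needs no secret. This models a corrupted or modified PDU reaching the receiver."""
    p = bytearray(pdu)
    p[-1] ^= 0x01
    if refresh_checksum:
        p[CKSUM_OFF:CKSUM_OFF + 2] = fletcher_generate(bytes(p), CKSUM_OFF)
    return bytes(p)


def demo() -> dict:
    key = b"constructed-shared-secret"  # constructed sample key
    pdu = seal(b"\x83\x1b", b"constructed LSP payload", key)  # constructed header/payload
    return {
        "genuine": verify(pdu, key),                                      # (True, True)
        "altered": verify(flip_last_byte(pdu, False), key),               # (False, False)
        "altered_with_checksum": verify(flip_last_byte(pdu, True), key),  # (True, False)
        # A plain MD5 of the same input is not the tag: the key is what is missing.
        "plain_md5_matches_tag": hashlib.md5(_zeroed(pdu)).digest()
        == pdu[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN],                       # False
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The "altered_with_checksum" case is the one that matters for the discussion: the Fletcher checksum is recomputable by anyone, so it only catches accidental corruption or a colliding blob that happens not to be a well-formed PDU; the keyed MAC is what rejects a modified PDU. That is also why a protocol that skips the checksum once authentication is configured loses only a syntactic sanity check, not the keyed protection.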

_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg