IETF Logo Mail Archive

Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt

Vishwas Manral <vishwas@ipinfusion.com> Fri, 02 March 2007 22:39 UTC

Return-path: <isis-wg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNGPr-0002fQ-PA; Fri, 02 Mar 2007 17:39:55 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNGPr-0002fG-1v for isis-wg@ietf.org; Fri, 02 Mar 2007 17:39:55 -0500
Received: from mail.ipinfusion.com ([65.223.109.2] helo=gateway.ipinfusion.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HNGPn-0005e6-L9 for isis-wg@ietf.org; Fri, 02 Mar 2007 17:39:55 -0500
Received: from [127.0.0.1] ([65.223.109.250]) by gateway.ipinfusion.com (8.11.6/8.11.6) with ESMTP id l22MdAK11738; Fri, 2 Mar 2007 14:39:10 -0800
Message-ID: <45E8A78D.5000203@ipinfusion.com>
Date: Fri, 02 Mar 2007 14:39:09 -0800
From: Vishwas Manral <vishwas@ipinfusion.com>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: "Parker, Jeff" <jeffp@middlebury.edu>
Subject: Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt
References: <7993FE39-A603-4830-B63F-9615A38B3DEA@cisco.com> <45E88174.7040208@ipinfusion.com> <5B7CE451-04FE-42EC-B786-8F952C3F8C0A@cisco.com> <45E89CD7.7030708@ipinfusion.com> <17896.41109.961725.28931@gargle.gargle.HOWL> <45E8A2BD.6070704@ipinfusion.com> <66356C9E5BCEB143AFF94ED511CD6F8D01A27451@seahawk.middlebury.edu>
In-Reply-To: <66356C9E5BCEB143AFF94ED511CD6F8D01A27451@seahawk.middlebury.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a
Cc: Tony Li <tli@cisco.com>, isis-wg@ietf.org, James Carlson <james.d.carlson@sun.com>
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isis-wg>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
Errors-To: isis-wg-bounces@ietf.org

Jeff,

>> many characters not part of the standard character set and hence 
>> are invisible(so just the same as if they were not there).
>>     
> Fortunately, we don't depend upon people reading the TLVs to spot problems.  
>   
Agree. :) This was the document case which is given as a typical example 
for issues that might occur with hash collisions.
> The question is not how many packets hash to the same value, but 
> "Can you produce a valid, but different packet quickly?" 
Ok, let me clarify the whole thing. Being able to find collisions goes 
against the design of the hash function. There are now programs 
(referenced in the document) that can result in that. Though no known 
attacks are there for protocols currently, but because vulnerabilities 
have been found in the hashing mechanisms, the Security area currently 
does not promote the use of the hash functions. It suggest replacement 
of these hash functions. Infact NIST in the same theme as they developed 
AES have now made an open call for new Hash functions.

Just to clarify HMAC-MD5 and HMAC-SHA-1 do not suffer from collision 
attacks that are suffered by the non-HMAC versions.

The aim of the draft is to bring forward the issues with the current 
hash functions and clearly state the new mechanisms. As Tony said we 
need to clarify that further, so that no confusion results.

Thanks,
Vishwas


_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg

v2.23.0 | Report a Bug | By Email