IETF Logo Mail Archive

Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds: draft-ietf-mip6-auth-protocol-01.txt anddraft-ietf-mip6-mn-ident-option-00.txt

"James Kempf" <kempf@docomolabs-usa.com> Fri, 17 December 2004 12:35 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA12159 for <mip6-web-archive@ietf.org>; Fri, 17 Dec 2004 07:35:14 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CfHSt-0002mq-BB for mip6-web-archive@ietf.org; Fri, 17 Dec 2004 07:44:11 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CfHGP-0008Dv-Cp; Fri, 17 Dec 2004 07:31:17 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CfH9Y-0006xV-Qu for mip6@megatron.ietf.org; Fri, 17 Dec 2004 07:24:13 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA11049 for <mip6@ietf.org>; Fri, 17 Dec 2004 07:24:11 -0500 (EST)
Received: from key1.docomolabs-usa.com ([216.98.102.225] helo=fridge.docomolabs-usa.com ident=fwuser) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CfHI1-0002Pg-SO for mip6@ietf.org; Fri, 17 Dec 2004 07:33:08 -0500
Message-ID: <006a01c4e433$6a479e40$4f6015ac@dcml.docomolabsusa.com>
From: James Kempf <kempf@docomolabs-usa.com>
To: Kent Leung <kleung@cisco.com>, Wing Cheong Lau <lau@qualcomm.com>
References: <200412141424.iBEEOMSj052267@givry.rennes.enst-bretagne.fr> <4.3.2.7.2.20041216133242.02270008@mira-sjcm-2.cisco.com> <6.0.0.22.2.20041216141128.04139370@qcmail1.qualcomm.com>
Subject: Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds: draft-ietf-mip6-auth-protocol-01.txt anddraft-ietf-mip6-mn-ident-option-00.txt
Date: Fri, 17 Dec 2004 04:24:47 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 386e0819b1192672467565a524848168
Content-Transfer-Encoding: 7bit
Cc: mip6@ietf.org, Francis Dupont <Francis.Dupont@enst-bretagne.fr>, Basavaraj.Patil@nokia.com
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8de5f93cb2b4e3bee75302e9eacc33db
Content-Transfer-Encoding: 7bit

I'd suggest that someone write a draft for the radext WG proposing MD5 be
replaced with SHA-1.

I doubt that the security directorate will let draft-ietf-mip6-auth-protocol
progress, even as Informational, if MD5 is in it.

        jak

----- Original Message ----- 
From: "Wing Cheong Lau" <lau@qualcomm.com>
To: "Kent Leung" <kleung@cisco.com>; "James Kempf"
<kempf@docomolabs-usa.com>
Cc: <mip6@ietf.org>; "Francis Dupont" <Francis.Dupont@enst-bretagne.fr>;
<Basavaraj.Patil@nokia.com>
Sent: Thursday, December 16, 2004 2:33 PM
Subject: Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds:
draft-ietf-mip6-auth-protocol-01.txt
anddraft-ietf-mip6-mn-ident-option-00.txt


> At 01:34 PM 12/16/2004, Kent Leung wrote:
> >Hi James.
> >
> >Acknowledged.  Unless there's disagreement, we'll replace MD5 context
> >with SHA-1 in the document.
> >
> >Thanks.
> >
> >Kent
> Dear Kent,
>
> Once you replace MD5 with SHA-1, will you be proposing corresponding
> extensions/ changes to
> RADIUS and CHAP so that one can use RADIUS/CHAP to authenticate a BU using
> MN-AAA authentication
> option in your draft ? (there is no mentioning of SHA-1 in RFC2865 or RFC
> 1996 so far).
>
> If not, how will the MN-AAA option interoperate with the AAA ?
>
> Regards,
>
> Wing
>
> >At 05:41 PM 12/14/2004 -0800, James Kempf wrote:
> >> >  - another point: MD5 should be replaced by SHA-1 everywhere in the
> >>document.
> >>
> >>Yes, this can't be emphasized strongly enough.
> >>
> >>Results by Xiaoyun Wang from China presented at Crypto in Santa Barbara
this
> >>summer showed that with 1 hr of precomputation on IBM P690, new
collisons on
> >>1024 bit messages could be generated every 15 sec. to 5 min. MD5 should
be
> >>considered insecure and not used, and it should be EOL-ed in existing
IETF
> >>protocols and replaced with SHA-1.
> >>
> >>SHA-1 appears to be secure after 40 rounds but has been broken up to 40
(it
> >>typically takes 80), which appears to be the limit possible with the
current
> >>cryptanalysis technique. Whether its possible to break SHA-1 completely,
> >>remains to be seen.
> >>
> >>                     jak
> >>
> >>
> >>
> >>_______________________________________________
> >>Mip6 mailing list
> >>Mip6@ietf.org
> >>https://www1.ietf.org/mailman/listinfo/mip6
> >
> >--
> >      |           |                   Kent Leung
> >     :|:         :|:                  IP Mobility Development
> >    :|||:       :|||:                 IOS Technologies Division
> >   :|||||||:   :|||||||:              Voice: 408.526.5030
> >.:|||||||||:.:|||||||||:.             Fax:   408.525.1653
> >  c i s c o S y s t e m s             Email: kleung@cisco.com
> >
> >_______________________________________________
> >Mip6 mailing list
> >Mip6@ietf.org
> >https://www1.ietf.org/mailman/listinfo/mip6
>
>



_______________________________________________
Mip6 mailing list
Mip6@ietf.org
https://www1.ietf.org/mailman/listinfo/mip6

v2.23.0 | Report a Bug | By Email