RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds: draft-ietf-mip6-auth-protocol-01.txt and draft-ietf-mip6-mn-ident-option-00.txt

"alpesh" <alpesh@cisco.com> Fri, 17 December 2004 18:00 UTC

From: alpesh <alpesh@cisco.com>
To: 'James Kempf' <kempf@docomolabs-usa.com>, 'Kent Leung' <kleung@cisco.com>, 'Wing Cheong Lau' <lau@qualcomm.com>
Subject: RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds: draft-ietf-mip6-auth-protocol-01.txt and draft-ietf-mip6-mn-ident-option-00.txt
Date: Fri, 17 Dec 2004 09:38:13 -0800
Cc: mip6@ietf.org, 'Francis Dupont' <Francis.Dupont@enst-bretagne.fr>, Basavaraj.Patil@nokia.com

James  -

Agree. I have moved on HMAC_SHA1/SHA1 where appropriate.

As Kent mentioned, we are working on a draft to do SHA-1 auth for
Radext WG

-a 

> -----Original Message-----
> From: mip6-bounces@ietf.org [mailto:mip6-bounces@ietf.org] On 
> Behalf Of James Kempf
> Sent: Friday, December 17, 2004 4:25 AM
> To: Kent Leung; Wing Cheong Lau
> Cc: mip6@ietf.org; Francis Dupont; Basavaraj.Patil@nokia.com
> Subject: Re: [Mip6] WG LC (Deadline Dec 18th,04) for I-Ds:
> draft-ietf-mip6-auth-protocol-01.txt and draft-ietf-mip6-mn-ident-option-00.txt
> 
> I'd suggest that someone write a draft for the radext WG 
> proposing MD5 be replaced with SHA-1.
> 
> I doubt that the security directorate will let 
> draft-ietf-mip6-auth-protocol progress, even as 
> Informational, if MD5 is in it.
> 
>         jak
> 
> ----- Original Message -----
> From: "Wing Cheong Lau" <lau@qualcomm.com>
> To: "Kent Leung" <kleung@cisco.com>; "James Kempf"
> <kempf@docomolabs-usa.com>
> Cc: <mip6@ietf.org>; "Francis Dupont" 
> <Francis.Dupont@enst-bretagne.fr>;
> <Basavaraj.Patil@nokia.com>
> Sent: Thursday, December 16, 2004 2:33 PM
> Subject: Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds:
> draft-ietf-mip6-auth-protocol-01.txt
> and draft-ietf-mip6-mn-ident-option-00.txt
> 
> 
> > At 01:34 PM 12/16/2004, Kent Leung wrote:
> > >Hi James.
> > >
> > >Acknowledged.  Unless there's disagreement, we'll replace MD5 context
> > >with SHA-1 in the document.
> > >
> > >Thanks.
> > >
> > >Kent
> > Dear Kent,
> >
> > Once you replace MD5 with SHA-1, will you be proposing corresponding
> > extensions/changes to RADIUS and CHAP so that one can use RADIUS/CHAP to
> > authenticate a BU using MN-AAA authentication option in your draft?
> > (there is no mentioning of SHA-1 in RFC2865 or RFC 1996 so far).
> >
> > If not, how will the MN-AAA option interoperate with the AAA ?
> >
> > Regards,
> >
> > Wing
> >
> > >At 05:41 PM 12/14/2004 -0800, James Kempf wrote:
> > >> >  - another point: MD5 should be replaced by SHA-1 everywhere in the
> > >> >  document.
> > >>
> > >>Yes, this can't be emphasized strongly enough.
> > >>
> > >>Results by Xiaoyun Wang from China presented at Crypto in Santa Barbara this
> > >>summer showed that with 1 hr of precomputation on IBM P690, new collisions on
> > >>1024 bit messages could be generated every 15 sec. to 5 min. MD5 should be
> > >>considered insecure and not used, and it should be EOL-ed in existing IETF
> > >>protocols and replaced with SHA-1.
> > >>
> > >>SHA-1 appears to be secure after 40 rounds but has been broken up to 40 (it
> > >>typically takes 80), which appears to be the limit possible with the current
> > >>cryptanalysis technique. Whether it's possible to break SHA-1 completely,
> > >>remains to be seen.
> > >>
> > >>                     jak
> > >>
> > >>
> > >>
> > >>_______________________________________________
> > >>Mip6 mailing list
> > >>Mip6@ietf.org
> > >>https://www1.ietf.org/mailman/listinfo/mip6
> > >
> > >--
> > >      |           |                   Kent Leung
> > >     :|:         :|:                  IP Mobility Development
> > >    :|||:       :|||:                 IOS Technologies Division
> > >   :|||||||:   :|||||||:              Voice: 408.526.5030
> > >.:|||||||||:.:|||||||||:.             Fax:   408.525.1653
> > >  c i s c o S y s t e m s             Email: kleung@cisco.com
> > >
> >
> >
> 
> 
> 
> 
