Re: [mpls] Kathleen Moriarty's No Objection on draft-ietf-pals-rfc4447bis-05: (with COMMENT)

"BRUNGARD, DEBORAH A" <db3546@att.com> Thu, 29 September 2016 19:11 UTC

From: "BRUNGARD, DEBORAH A" <db3546@att.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>
Date: Thu, 29 Sep 2016 19:11:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/5gDqbzBul8xUmKbRdIlt5A2xUiw>
Cc: "mpls@ietf.org" <mpls@ietf.org>, "draft-ietf-pals-rfc4447bis.all@ietf.org" <draft-ietf-pals-rfc4447bis.all@ietf.org>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, "pals-chairs@ietf.org" <pals-chairs@ietf.org>, "pals@ietf.org" <pals@ietf.org>, "draft-ietf-pals-rfc4447bis@ietf.org" <draft-ietf-pals-rfc4447bis@ietf.org>
Subject: Re: [mpls] Kathleen Moriarty's No Objection on draft-ietf-pals-rfc4447bis-05: (with COMMENT)

(I've included the MPLS WG as this is also critical in their work)

Thanks Kathleen (and Stephen) for your comment on the use of MD5.

Reference to use of MD5 is a much larger issue than this RFC for MPLS and PALS.

For the MPLS and PALS groups, it has been the choice as it is the only choice of which we are aware. And it is in the ongoing work. For example, in MPLS, there is an ongoing update of RFC5036:
https://www.ietf.org/id/draft-ijln-mpls-rfc5036bis-02.txt

It has the following description on MD5:
"RFC 2385 [RFC2385] asserts that MD5 authentication is now considered by some to be too weak for this application. It also points out that a similar TCP option with a stronger hashing algorithm (it cites SHA-1 as an example) could be deployed. To our knowledge, no such TCP option has been defined and deployed. However, we note that LDP can use whatever TCP message digest techniques are available, and when one stronger than MD5 is specified and implemented, upgrading LDP to use it would be relatively straightforward."

Stephen and Adrian are co-authoring on a draft addressing security aspects of the MPLS data plane, but it does not address the control plane:
https://www.ietf.org/id/draft-ietf-mpls-opportunistic-encrypt-02.txt

If there is work, please let the MPLS and PALS groups know. If there is a plan to deprecate MD5 by the Security Area, please let us know also.

Thanks again,
Deborah


> -----Original Message-----
> From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Kathleen Moriarty
> Sent: Wednesday, September 28, 2016 4:59 PM
> To: The IESG <iesg@ietf.org>
> Cc: stewart.bryant@gmail.com; draft-ietf-pals-rfc4447bis.all@ietf.org; draft-ietf-pals-rfc4447bis@ietf.org; pals-chairs@ietf.org; pals@ietf.org
> Subject: Kathleen Moriarty's No Objection on draft-ietf-pals-rfc4447bis-05:
> (with COMMENT)
> 
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-pals-rfc4447bis-05: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pals-rfc4447bis/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> I share Stephen's concerns on the use of MD5 and would like to see a
> deprecation process begin.
>