Re: [mpls] I-D Action: draft-nslag-mpls-deprecate-md5-00.txt

"Adrian Farrel" <adrian@olddog.co.uk> Fri, 23 February 2018 09:53 UTC

Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: draft-nslag-mpls-deprecate-md5@ietf.org
Cc: mpls@ietf.org
References: <151936155507.22555.4623445980972499839@ietfa.amsl.com>
In-Reply-To: <151936155507.22555.4623445980972499839@ietfa.amsl.com>
Date: Fri, 23 Feb 2018 09:53:45 -0000
Message-ID: <044501d3ac8c$32a66180$97f32480$@olddog.co.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/xNmdfrRlcCDAaCbMUMBpOyh8hPQ>
Subject: Re: [mpls] I-D Action: draft-nslag-mpls-deprecate-md5-00.txt

Not bad as a stake in the ground, but it raises as many questions as it answers.
Not least among these is the status of TCP-AO implementation without which this
spec is not going to get traction.

You should probably make significant reference to RFC 6952.

Adrian

> -----Original Message-----
> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of
> internet-drafts@ietf.org
> Sent: 23 February 2018 04:53
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-nslag-mpls-deprecate-md5-00.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> 
> 
>         Title           : Deprecating MD5 for LDP
>         Authors         : Loa Andersson
>                           Stewart Bryant
>                           Andrew G. Malis
>                           Deutsche Telekom
>                           George Swallow
>         Filename        : draft-nslag-mpls-deprecate-md5-00.txt
>         Pages           : 6
>         Date            : 2018-02-22
> 
> Abstract:
>    When the MPLS Label Distribution Protocol (LDP) was specified circa
>    1999, there were very strong requirements that LDP should use a
>    cryptographic hash function to sign LDP protocol messages.  MD5 was
>    widely used at that time, and was the obvious choice.
> 
>    However, even when this decision was being taken there were concerns
>    as to whether MD5 was a strong enough signing option.  This
>    discussion was briefly reflected in section 5.1 of RFC 5036 [RFC5036]
>    (and also in RFC 3036 [RFC3036]).
> 
>    Over time it has been shown that MD5 can be compromised.  Thus, there
>    is a concern shared in the security community and the working groups
>    responsible for the development of the LDP protocol that LDP is no
>    longer adequately secured.
> 
>    This document deprecates MD5 as the signing method for LDP messages.
>    The document also selects a future method to secure LDP messages -
>    the choice is TCP-AO.  In addition, we specify that the TBD
>    cryptographic mechanism is to be the default TCP-AO security method.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-nslag-mpls-deprecate-md5/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-nslag-mpls-deprecate-md5-00
> https://datatracker.ietf.org/doc/html/draft-nslag-mpls-deprecate-md5-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
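Adrian's point about TCP-AO implementation status and the draft's abstract both come down to which authentication option an LDP session actually carries on the wire. As an added example, not code from the draft or from anyone on this thread, here is a small Python inventory check that parses TCP headers and reports whether a session on the LDP port (TCP 646) carries the TCP MD5 Signature option (kind 19, RFC 2385), the TCP Authentication Option (kind 29, RFC 5925), or no authentication at all. The sample segments are constructed inline and their digest and MAC bytes are placeholders; no digest or MAC is verified, since that requires the shared key, and all function and variable names are my own assumptions.

```python
import struct

LDP_PORT = 646          # LDP session port (RFC 5036)
TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_MD5SIG = 19      # TCP MD5 Signature Option (RFC 2385), fixed length 18
TCPOPT_AO = 29          # TCP Authentication Option (RFC 5925), variable length


def parse_tcp_options(raw):
    """Return [(kind, payload)] for the options area of a TCP header.

    NOP and EOL carry no payload; every other option is TLV encoded and its
    length field covers the kind and length bytes as well as the payload.
    """
    options = []
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length %d for kind %d" % (length, kind))
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options


def classify_tcp_auth(segment):
    """Describe the authentication option carried by one TCP segment.

    Only option *presence* is inspected: checking the MD5 digest or the
    TCP-AO MAC needs the shared key, which a passive observer does not have.
    """
    if len(segment) < 20:
        raise ValueError("short TCP header")
    sport, dport, _seq, _ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (offset_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    options = dict(parse_tcp_options(segment[20:data_offset]))
    result = {"sport": sport, "dport": dport, "ldp": LDP_PORT in (sport, dport)}
    if TCPOPT_AO in options:
        ao = options[TCPOPT_AO]          # KeyID, RNextKeyID, then the MAC
        if len(ao) < 2:
            raise ValueError("truncated TCP-AO option")
        result.update(auth="tcp-ao", key_id=ao[0], rnext_key_id=ao[1], mac_len=len(ao) - 2)
    elif TCPOPT_MD5SIG in options:
        result.update(auth="tcp-md5", digest_len=len(options[TCPOPT_MD5SIG]))
    else:
        result.update(auth="none")
    return result


def audit_ldp_sessions(segments):
    """Flag LDP segments that are unauthenticated or still rely on the TCP MD5 option."""
    findings = []
    for seg in segments:
        info = classify_tcp_auth(seg)
        if not info["ldp"]:
            continue
        if info["auth"] == "none":
            findings.append((info["sport"], info["dport"], "unauthenticated LDP session"))
        elif info["auth"] == "tcp-md5":
            findings.append((info["sport"], info["dport"],
                             "LDP session using deprecated TCP MD5 option"))
    return findings


def build_tcp_segment(sport, dport, options=b"", payload=b""):
    """Assemble a minimal PSH/ACK TCP header with the given options, NOP padded to 32 bits."""
    options += b"\x01" * ((-len(options)) % 4)
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIHHHH", sport, dport, 1, 1,
                         (data_offset << 12) | 0x18, 65535, 0, 0)
    return header + options + payload


# Constructed sample segments (not real captures): an LDP session carrying the TCP
# MD5 option, one carrying TCP-AO with a 96-bit MAC (the truncated length used by
# the RFC 5926 algorithms), an unprotected LDP session, and an unrelated flow.
SEG_MD5 = build_tcp_segment(49152, LDP_PORT, bytes([TCPOPT_MD5SIG, 18]) + b"\xab" * 16)
SEG_AO = build_tcp_segment(49153, LDP_PORT, bytes([TCPOPT_AO, 16, 1, 2]) + b"\xcd" * 12)
SEG_NONE = build_tcp_segment(49154, LDP_PORT)
SEG_OTHER = build_tcp_segment(49155, 443)

if __name__ == "__main__":
    for finding in audit_ldp_sessions([SEG_MD5, SEG_AO, SEG_NONE, SEG_OTHER]):
        print(finding)
```

Fed real TCP headers from a capture, the same check gives a quick picture of how many LDP sessions would be affected by the deprecation and how many peers already negotiate TCP-AO, which is the deployment question raised above.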