Re: [mpls] I-D Action: draft-nslag-mpls-deprecate-md5-00.txt
"Adrian Farrel" <adrian@olddog.co.uk> Fri, 23 February 2018 09:53 UTC
From: Adrian Farrel <adrian@olddog.co.uk>
To: draft-nslag-mpls-deprecate-md5@ietf.org
Cc: mpls@ietf.org
Date: Fri, 23 Feb 2018 09:53:45 -0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/xNmdfrRlcCDAaCbMUMBpOyh8hPQ>

Not bad as a stake in the ground, but it raises as many questions as it answers. Not least among these is the status of TCP-AO implementation without which this spec is not going to get traction. You should probably make significant reference to RFC 6952.

Adrian

> -----Original Message-----
> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of
> internet-drafts@ietf.org
> Sent: 23 February 2018 04:53
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-nslag-mpls-deprecate-md5-00.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>         Title           : Deprecating MD5 for LDP
>         Authors         : Loa Andersson
>                           Stewart Bryant
>                           Andrew G. Malis
>                           Deutshe Telekom
>                           George Swallow
>         Filename        : draft-nslag-mpls-deprecate-md5-00.txt
>         Pages           : 6
>         Date            : 2018-02-22
>
> Abstract:
>    When the MPLS Label Distribution Protocol (LDP) was specified circa
>    1999, there were very strong requirements that LDP should use a
>    cryptographic hash function to sign LDP protocol messages.  MD5 was
>    widely used at that time, and was the obvious choices.
>
>    However, even when this decision was being taken there were concerns
>    as to whether MD5 was a strong enough signing option.  This
>    discussion was briefly reflected in section 5.1 of RFC 5036 [RFC5036]
>    (and also in RFC 3036 [RFC3036]).
>
>    Over time it has been shown that MD5 can be compromised.  Thus, there
>    is a concern shared in the security community and the working groups
>    responsible for the development of the LDP protocol that LDP is no
>    longer adequately secured.
>
>    This document deprecates MD5 as the signing method for LDP messages.
>    The document also selects a future method to secure LDP messages -
>    the choice is TCP-AO.  In addition, we specify that the TBD
>    cryptographic mechanism is to be the default TCP-AO security method.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-nslag-mpls-deprecate-md5/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-nslag-mpls-deprecate-md5-00
> https://datatracker.ietf.org/doc/html/draft-nslag-mpls-deprecate-md5-00
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt