Re: [multipathtcp] Replacing SHA-1 with SHA-256

Greg Greenway <ggreenway@apple.com> Wed, 15 March 2017 23:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/e5r5O1JyqancvMg5zyH0QwVYi3k>

> On Mar 15, 2017, at 3:17 PM, Olivier Bonaventure <olivier.bonaventure@uclouvain.be> wrote:
> 
> On 15/03/17 22:31, Greg Greenway wrote:
>> Would this change also set a different bit in the MP_CAPABLE option for
>> crypto algorithm negotiation (eg set bit G for SHA-256, instead of the
>> current bit H for SHA-1)?
> 
> 
> No, this idea is that SHA-256 would apply to RFC6824bis, i.e. the standard track version of MPTCP while SHA-1 applies to RFC6824

Ok, but this will use MPTCP protocol version 1, whereas anything using SHA-1 will use protocol version 0, correct?  If that's the case, I have no objections.

> 
> Olivier
>>> On Mar 13, 2017, at 1:44 PM, Alan Ford <alan.ford@gmail.com> wrote:
>>> 
>>> Hi all,
>>> 
>>> It’s been flagged up off-list that given SHA-1 is being deprecated, we
>>> should probably look to replace it with SHA-256 in 6824bis. Even
>>> though we use truncations of these hashes, the benefits gained from
>>> SHA-256 are maybe not significant, but does mean that legacy SHA-1
>>> code would not be required by implementors.
>>> 
>>> Does anyone have any concerns about such a change? We do not believe
>>> it would be significant and could be a direct drop-in in the places
>>> where SHA-1 is referenced and used today.
>>> 
>>> Regards,
>>> Alan
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> multipathtcp mailing list
>>> multipathtcp@ietf.org <mailto:multipathtcp@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/multipathtcp
>
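
An added illustration, not part of the thread or of any MPTCP implementation: deriving the key-based token and initial data sequence number with the hash selected by protocol version rather than by an MP_CAPABLE algorithm bit. It assumes the RFC 6824 truncations (token = most significant 32 bits, IDSN = least significant 64 bits of the hash of the 64-bit key) carry over unchanged to the SHA-256 drop-in proposed above; the function names and the sample key are constructed for this example.

```python
import hashlib
from typing import NamedTuple

# Protocol version -> hash for key-derived values.
# 0 = RFC 6824 (SHA-1); 1 = RFC6824bis with the SHA-256 replacement
# discussed in the thread (assumption: same truncations as version 0).
HASH_BY_VERSION = {0: hashlib.sha1, 1: hashlib.sha256}


class KeyMaterial(NamedTuple):
    token: int  # 32-bit connection token
    idsn: int   # 64-bit initial data sequence number


def derive(key: bytes, version: int) -> KeyMaterial:
    """Derive token and IDSN from a 64-bit key for the given version."""
    if len(key) != 8:
        raise ValueError("MPTCP keys are 64 bits")
    if version not in HASH_BY_VERSION:
        raise ValueError(f"unsupported MPTCP version {version}")
    digest = HASH_BY_VERSION[version](key).digest()
    token = int.from_bytes(digest[:4], "big")   # most significant 32 bits
    idsn = int.from_bytes(digest[-8:], "big")   # least significant 64 bits
    return KeyMaterial(token, idsn)


def peers_agree(key: bytes, version_a: int, version_b: int) -> bool:
    """True if two ends hashing the same key compute identical values.

    A version mismatch means the two ends derive different tokens, which
    is why the hash has to be tied to the negotiated version.
    """
    return derive(key, version_a) == derive(key, version_b)


if __name__ == "__main__":
    sample_key = bytes.fromhex("0123456789abcdef")  # constructed sample key
    for v in sorted(HASH_BY_VERSION):
        km = derive(sample_key, v)
        print(f"v{v}: token={km.token:08x} idsn={km.idsn:016x}")
    print("v0/v1 interoperate:", peers_agree(sample_key, 0, 1))
```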