Re: [multipathtcp] Replacing SHA-1 with SHA-256
Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Wed, 15 March 2017 23:52 UTC
Return-Path: <nishida@sfc.wide.ad.jp>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2763212EA76 for <multipathtcp@ietfa.amsl.com>; Wed, 15 Mar 2017 16:52:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Eqw3ai6VinD for <multipathtcp@ietfa.amsl.com>; Wed, 15 Mar 2017 16:52:30 -0700 (PDT)
Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [IPv6:2001:200:0:8803::53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECFA812E852 for <multipathtcp@ietf.org>; Wed, 15 Mar 2017 16:52:29 -0700 (PDT)
Received: from mail-ot0-f178.google.com (mail-ot0-f178.google.com [74.125.82.178]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id B180C279D3B for <multipathtcp@ietf.org>; Thu, 16 Mar 2017 08:52:27 +0900 (JST)
Received: by mail-ot0-f178.google.com with SMTP id 19so37736055oti.0 for <multipathtcp@ietf.org>; Wed, 15 Mar 2017 16:52:27 -0700 (PDT)
X-Gm-Message-State: AFeK/H38lUsK3c3X2QDPFxRqapZTV/GLL8qQJSaY6eGh0aS15JyktGXUPLAnFoBdE+q6Ko9EpAqCB9V2Grh/OA==
X-Received: by 10.157.61.202 with SMTP id l68mr3505711otc.242.1489621946220; Wed, 15 Mar 2017 16:52:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.82.27 with HTTP; Wed, 15 Mar 2017 16:52:25 -0700 (PDT)
In-Reply-To: <662A6FEA-0514-412E-AFA3-B1F4754FB218@apple.com>
References: <5254457A-9922-4E02-8A60-18E712A3EE5D@gmail.com> <ED4CCFD3-35DB-4EE5-B4C0-6F80D590580C@apple.com> <d7923793-51de-a214-5cbc-b610ca79ac2f@uclouvain.be> <662A6FEA-0514-412E-AFA3-B1F4754FB218@apple.com>
From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Date: Wed, 15 Mar 2017 16:52:25 -0700
X-Gmail-Original-Message-ID: <CAO249ycemkEn_-iMDNwNdf3yVQMDgBRnQnX20aszwT9V19C-jQ@mail.gmail.com>
Message-ID: <CAO249ycemkEn_-iMDNwNdf3yVQMDgBRnQnX20aszwT9V19C-jQ@mail.gmail.com>
To: Greg Greenway <ggreenway@apple.com>
Cc: "Olivier.Bonaventure@uclouvain.be" <Olivier.Bonaventure@uclouvain.be>, multipathtcp <multipathtcp@ietf.org>
Content-Type: multipart/alternative; boundary="001a11492f9af44c9a054acda20e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/gatTJ6WcdCdtXEgE250a4YfVgyI>
Subject: Re: [multipathtcp] Replacing SHA-1 with SHA-256
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2017 23:52:32 -0000
We probably will need to discuss this in the Chicago meeting to make sure. We also would like to see if security experts have some opinions on using SHA-256 or have other recommendations. -- Yoshi On Wed, Mar 15, 2017 at 4:09 PM, Greg Greenway <ggreenway@apple.com> wrote: > > > On Mar 15, 2017, at 3:17 PM, Olivier Bonaventure <olivier.bonaventure@ > uclouvain.be> wrote: > > > > On 15/03/17 22:31, Greg Greenway wrote: > >> Would this change also set a different bit in the MP_CAPABLE option for > >> crypto algorithm negotiation (eg set bit G for SHA-256, instead of the > >> current bit H for SHA-1)? > > > > > > No, this idea is that SHA-256 would apply to RFC6824bis, i.e. the > standard track version of MPTCP while SHA-1 applies to RFC6824 > > Ok, but this will use MPTCP protocol version 1, whereas anything using > SHA-1 will use protocol version 0, correct? If that's the case, I have no > objections. > > > > > Olivier > >>> On Mar 13, 2017, at 1:44 PM, Alan Ford <alan.ford@gmail.com > >>> <mailto:alan.ford@gmail.com>> wrote: > >>> > >>> Hi all, > >>> > >>> It’s been flagged up off-list that given SHA-1 is being deprecated, we > >>> should probably look to replace it with SHA-256 in 6824bis. Even > >>> though we use truncations of these hashes, the benefits gained from > >>> SHA-256 are maybe not significant, but does mean that legacy SHA-1 > >>> code would not be required by implementors. > >>> > >>> Does anyone have any concerns about such a change? We do not believe > >>> it would be significant and could be a direct drop-in in the places > >>> where SHA-1 is referenced and used today. > >>> > >>> Regards, > >>> Alan > >>> > >>> > >>> > >>> _______________________________________________ > >>> multipathtcp mailing list > >>> multipathtcp@ietf.org <mailto:multipathtcp@ietf.org> > >>> https://www.ietf.org/mailman/listinfo/multipathtcp > >> > >> > >> > >> _______________________________________________ > >> multipathtcp mailing list > >> multipathtcp@ietf.org > >> https://www.ietf.org/mailman/listinfo/multipathtcp > >> > > > > _______________________________________________ > multipathtcp mailing list > multipathtcp@ietf.org > https://www.ietf.org/mailman/listinfo/multipathtcp >
- [multipathtcp] Replacing SHA-1 with SHA-256 Alan Ford
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Greg Greenway
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Olivier Bonaventure
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Greg Greenway
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Yoshifumi Nishida
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Alan Ford