Re: [multipathtcp] Replacing SHA-1 with SHA-256

Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Wed, 15 March 2017 23:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/gatTJ6WcdCdtXEgE250a4YfVgyI>

We probably will need to discuss this in the Chicago meeting to make sure.
We also would like to see if security experts have some opinions on using
SHA-256 or have other recommendations.
--
Yoshi

On Wed, Mar 15, 2017 at 4:09 PM, Greg Greenway <ggreenway@apple.com> wrote:

>
> > On Mar 15, 2017, at 3:17 PM, Olivier Bonaventure <olivier.bonaventure@uclouvain.be> wrote:
> >
> > On 15/03/17 22:31, Greg Greenway wrote:
> >> Would this change also set a different bit in the MP_CAPABLE option for
> >> crypto algorithm negotiation (e.g. set bit G for SHA-256, instead of the
> >> current bit H for SHA-1)?
> >
> >
> > No, this idea is that SHA-256 would apply to RFC6824bis, i.e. the
> > standard track version of MPTCP while SHA-1 applies to RFC6824
>
> Ok, but this will use MPTCP protocol version 1, whereas anything using
> SHA-1 will use protocol version 0, correct?  If that's the case, I have no
> objections.
>
> >
> > Olivier
> >>> On Mar 13, 2017, at 1:44 PM, Alan Ford <alan.ford@gmail.com> wrote:
> >>>
> >>> Hi all,
> >>>
> >>> It’s been flagged up off-list that given SHA-1 is being deprecated, we
> >>> should probably look to replace it with SHA-256 in 6824bis. Even
> >>> though we use truncations of these hashes, the benefits gained from
> >>> SHA-256 are maybe not significant, but it does mean that legacy SHA-1
> >>> code would not be required by implementors.
> >>>
> >>> Does anyone have any concerns about such a change? We do not believe
> >>> it would be significant and could be a direct drop-in in the places
> >>> where SHA-1 is referenced and used today.
> >>>
> >>> Regards,
> >>> Alan
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> multipathtcp mailing list
> >>> multipathtcp@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/multipathtcp
> >
>
>
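The "truncations of these hashes" and the version-based choice of hash discussed in the thread, as an added example that is not part of the original messages or of any MPTCP implementation. It assumes the field widths of RFC 6824 and of RFC 8684 (the published form of 6824bis): a 32-bit token and 64-bit IDSN from the key hash, and 64-bit and 160-bit MP_JOIN HMACs. The function names and the sample keys and nonces are hypothetical.

```python
import hashlib
import hmac

# Hash selected by MPTCP protocol version, as the thread describes:
# version 0 (RFC 6824) uses SHA-1, version 1 (6824bis) uses SHA-256.
HASH_BY_VERSION = {0: hashlib.sha1, 1: hashlib.sha256}


def _hash_for(version):
    try:
        return HASH_BY_VERSION[version]
    except KeyError:
        raise ValueError(f"unsupported MPTCP version: {version}") from None


def token_and_idsn(key, version):
    """Return (token, idsn) derived from a 64-bit MP_CAPABLE key.

    Token = most significant 32 bits of the digest, IDSN = least
    significant 64 bits, so the widths are the same for both hashes.
    """
    if len(key) != 8:
        raise ValueError("MP_CAPABLE keys are 64 bits")
    digest = _hash_for(version)(key).digest()
    return digest[:4], digest[-8:]


def join_hmacs(key_local, key_remote, nonce_local, nonce_remote, version):
    """Return the local host's MP_JOIN HMAC in both wire forms: the leftmost
    64 bits (SYN/ACK) and the leftmost 160 bits (third ACK)."""
    mac = hmac.new(key_local + key_remote, nonce_local + nonce_remote,
                   _hash_for(version)).digest()
    return mac[:8], mac[:20]


# Constructed sample values, not taken from any real connection.
KEY_A = bytes.fromhex("0011223344556677")
KEY_B = bytes.fromhex("8899aabbccddeeff")
NONCE_A = bytes.fromhex("01020304")
NONCE_B = bytes.fromhex("a1a2a3a4")

if __name__ == "__main__":
    for v in (0, 1):
        token, idsn = token_and_idsn(KEY_A, v)
        short, full = join_hmacs(KEY_A, KEY_B, NONCE_A, NONCE_B, v)
        print(v, token.hex(), idsn.hex(), short.hex(), full.hex())
```

Because every value placed in an option is a fixed-width truncation, the option layouts stay the same across the two versions; only the digest function behind them changes, and for SHA-1 the 160-bit form is simply the whole HMAC.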