Re: [dnsext] Report from chairs

Francis Dupont <Francis.Dupont@fdupont.fr> Mon, 26 July 2010 07:13 UTC

Message-Id: <201007260710.o6Q7AjoB025253@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: Andrew Sullivan <ajs@shinkuro.com>
cc: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Report from chairs
In-reply-to: Your message of Sun, 25 Jul 2010 17:39:23 EDT. <20100725213920.GF8017@shinkuro.com>
Date: Mon, 26 Jul 2010 09:10:45 +0200

 In your previous mail you wrote:

   4.  EXPIRED DRAFTS
   
       - draft-ietf-dnsext-tsig-md5-deprecated
   
   Is anyone still interested in this draft?  We have no movement on it.
   
=> there is a clear lack of support for this draft. I propose to hand
the question to the security area so that they can say whether it is fine
to keep MD5 mandatory in an IETF protocol.

Two comments:
 - MD5 is used in a way (HMAC) in which it is not proved to be weak

 - the issue is that MD5 is forbidden for most (i.e., all I know of :-)
   certified cryptos, so it is not possible to run a TSIG tool that is
   both certified (for the crypto) and conformant (to standards).
   Now it seems to be only a formal concern...

Thanks

Francis.Dupont@fdupont.fr