[nfsv4] Id-sha1 as REQUIRED hashing algorithm
David Noveck <davenoveck@gmail.com> Sat, 28 December 2019 12:54 UTC
Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA7F3120113 for <nfsv4@ietfa.amsl.com>; Sat, 28 Dec 2019 04:54:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zRfMqhUk6hps for <nfsv4@ietfa.amsl.com>; Sat, 28 Dec 2019 04:54:42 -0800 (PST)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 614E0120020 for <nfsv4@ietf.org>; Sat, 28 Dec 2019 04:54:42 -0800 (PST)
Received: by mail-ed1-x536.google.com with SMTP id j17so27797118edp.3 for <nfsv4@ietf.org>; Sat, 28 Dec 2019 04:54:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=QuZ58UZRrZdKY2824EIyBkUawntDbubCgYnHruvO1XM=; b=QBZ8v5yNk5zIwVNWsfnLfBwUmXX97jb7B+AySkXQdDZXCKEnJCpxxgw2ZJiDOVJfiu CgCl72OxVh6MvSjV65cY8bBkuSCZ4lVtVH5JmSgK4s3fFqf/8X7OZgKddMGTvqj2D7zE A/FT3/Bwi+h7+1fmWKDYz32+brKOEsXLwlVi0tG70hly+Ct+Roq51OP3ifVXNEVKELYE mYWsWZ+8hakWa8pOjGavXZHw4av0Lf0Y2wXHz39qiFPAP5SwMoNOsHPrW8K3KpquMKPm eScFqKjSp6m6kVqe02ymn4o08uEQBBJenjgJKIVDo/hB3fkOenTxe2Fr7FIYOtj63OOO S4Mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=QuZ58UZRrZdKY2824EIyBkUawntDbubCgYnHruvO1XM=; b=YCJP/1hc6sC6i33vNfVT02288skmYcgTTiyMbb7sYb1dNsYA3VPp3LP04J7MGhoCy5 zQYccxQg7NgTyuSxS5cZxsNFkKZvw4anWMEyxuvKfqgNGLJfUroeULeF1wCTb4Fe8Aze nobzzcw0RzNJOy9MWQ1EsMpQv4q7XUb595RUgHg2URbB5EjAqbD22lw/iWudOOXoPbvS Ry77ZJDwHyxnAkv/FJxYKLhutlgGWaqvowKYNu5fJf1gI169eONUJfJJwkyhU+dwiQuz JIkmNL3TmkRTET7G3AkzzfrXPd/VY1/1hctWd9mShVNYZILlwIBx1aiUfWS3QZqKHI3t Hf4w==
X-Gm-Message-State: APjAAAUykFhVVvOmnMDScDtbin+R0/2rqGIfh2IsYy3D2RpUx8Zhz0Ny 7Ai0QEa2gCsISaP69D7ZqA8I6FkfJoMHPYb2kZQLcA==
X-Google-Smtp-Source: APXvYqxhnZaofk90vTJu3MMDIiUwrPDkoDm5BRVIKLD9K9b92f3Hj87EqfzzGQAqUD5jZfpQnAm0ZgTXaFXhOAcdkF8=
X-Received: by 2002:a17:906:cc8b:: with SMTP id oq11mr60574972ejb.193.1577537680535; Sat, 28 Dec 2019 04:54:40 -0800 (PST)
MIME-Version: 1.0
From: David Noveck <davenoveck@gmail.com>
Date: Sat, 28 Dec 2019 07:54:25 -0500
Message-ID: <CADaq8jdW_Gd1moswH9OhazSC5s3K85Of8JFCcbeKtF9p_mQmVA@mail.gmail.com>
To: NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000011766e059ac31d1d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/PQNVpT5bMqyyiDO_HPXJdGthWgk>
Subject: [nfsv4] Id-sha1 as REQUIRED hashing algorithm
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Dec 2019 12:54:45 -0000
In following up on the comments on rfc5661sesqui, I've been reminded of the fact that reviews of a previous iteration of the document had raised the issue of the (server-) REQUIRED status of id-sha1 as a hashing algorithm in rfc5661. It turns out that I indicated that the working group woud need to be consulted about potential compatibility issues and then just forgot about it :-(. If anyone knows of compatibility issues or is concerned about the possibility of them arising from dropping this as hash algorithm for which server support is REQUIRED, please let me know as soon as you can. Although I could be wrong, it seems to me that such compatibility issues could arise only if a client were to do an EXCHANGE_ID with ssp_hash_alg<> including id-sha1 and no other server-REQUIRED hash algorithm. People in the security directorate are understandably concerned about approving a Proposed Standard specifying, as REQUIRED, server support for hashing using a hashing algorithm for which the generation of collisions has been demonstrated. However, given the limited scope of the review for this document (according to the rules in draft-roach-bis-documents), we could defer this to rfc5661bis, which I would prefer to do, since I think it is better to address NFSv4's security weaknesses together rather than in a piecemeal fashion. Nevertheless, I expect this issue to keep coming up, and I want to be clear whether the potential compatibility issue is of any concern.
- [nfsv4] Id-sha1 as REQUIRED hashing algorithm David Noveck