Re: [OPSEC] minutes part 2

R Atkinson <ran.atkinson@gmail.com> Mon, 29 December 2008 21:55 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DAD5C3A67FD; Mon, 29 Dec 2008 13:55:03 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8BA193A677C for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 13:55:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PLYEGMqBwfkv for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 13:55:01 -0800 (PST)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.26]) by core3.amsl.com (Postfix) with ESMTP id 61EF93A67FD for <opsec@ietf.org>; Mon, 29 Dec 2008 13:55:01 -0800 (PST)
Received: by qw-out-2122.google.com with SMTP id 3so2776203qwe.31 for <opsec@ietf.org>; Mon, 29 Dec 2008 13:54:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=mLeVS4sfY0f5zi4VaYPe1o6NWevz0Iy5TwC9cQ3+vS4=; b=g5BkC2G1kxoNAwb6grbNL2kHJPpXmhEchdhRJVv8YgzOJwcL2W+u09EswJiL/Xhvbg 7IvXvZhm1qcZWX7C0Pc11vb14v6wK+grpAtdPmD79fKfhuU7z6G5EXTz5Ul5HoC+XFjW mSvEKlvG5qMVdmzsDraolOQIzAY5Fo1r/GD/o=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=IbUWMLkunJsj8AQtOyPOBoeVH/R+EhYeA5TCdBkrzfUn9Qj6SQzSOM3uNQjmDAS/mH QDMfmKbykHpLa6HG/KSCwKb3V5rCFkvy/q87/qkneiTLU41JQ3aNty7ooVKrypPS88uk iYCpoKZG+V0m/IZ4UtfKgUsPU2AAShm2SMC74=
Received: by 10.214.114.10 with SMTP id m10mr11743929qac.306.1230587689613; Mon, 29 Dec 2008 13:54:49 -0800 (PST)
Received: from ?10.30.20.71? (pool-72-84-80-181.nrflva.fios.verizon.net [72.84.80.181]) by mx.google.com with ESMTPS id 7sm8855154ywo.20.2008.12.29.13.54.48 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 29 Dec 2008 13:54:49 -0800 (PST)
Message-Id: <104A40DD-D2FB-48F2-A5D2-28C0E4ADA663@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: opsec@ietf.org
In-Reply-To: <77ead0ec0812291316h75c87da3i190cb23996e09a10@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Mon, 29 Dec 2008 16:54:44 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com> <77ead0ec0812231006u55443dacn1731f51a8e922b62@mail.gmail.com> <8CA72870-DEB9-4979-8478-ED5467AF3DD3@gmail.com> <77ead0ec0812231556t73e24f17m9d52862672b22dc5@mail.gmail.com> <4070E95B-4E30-4B1F-90F1-B20F67EDEDFF@gmail.com> <77ead0ec0812291316h75c87da3i190cb23996e09a10@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

On 29 Dec 2008, at 16:16, Vishwas Manral wrote:
> That is good. So we agree that NIST at least encourages the protocol
> designers to use the algorithms. :)

Well, your words above are not what I said.

NIST prefers SHA-2 over other shorter forms of SHA,
probably because NIST (for now) can only recommend SHA
(as it is the only NIST hashing algorithm), NIST have
to recommend *something*, and SHA-2 has the longest
key size.

> We probably also agree that there
> is customer request for the use of the SHA algorithms as has been
> brought out by others too.

I'm the one who started the whole effort on SHA for IGPs,
just as I'm the one who started the whole effort to add
cryptographic authentication to IGPs last decade.
Having SHA as an option is sensible because it solves
a *policy* problem for some US Government users, including
some parts of DoD.  This was all covered in my past IETF
presentations.

> I have been following the NIST development of the new protocol and it
> is very well known inside the community that any new algorithm to
> replace SHA will be deployable only 10 years or so later.

I disagree with your 10 year assessment.  AES deployed MUCH
MUCH more rapidly, after following a similar process for
public submission, public review, etc.  The IPsec magic
number for AES was allocated by IANA shortly after the AES
selection was announced by NIST, and there were interoperable
implementations of AES-CBC for IPsec ESP shortly after that
(even before the I-D appeared, as I recall).

> Regarding the talk of the SHA algorithm having issues: that is correct; however,
> after talking to cryptographers who have evaluated the current attacks,
> it seems clear to them that MD5 strength is considerably less than
> the SHA algorithm strengths. I will send you the details in another
> mail. I have already shared the same with the WG chair.

I've consistently asked for a peer reviewed paper.
I like Hugo, but an email containing another person's
opinion is not a peer-reviewed paper.

Mind, such a paper ought to be about the algorithms *in the modes
used for IGPs* since the matter at hand is IGPs.

If someone has done some formal maths and published it,
in some peer reviewed forum, please provide a citation
(or URL or something) to that paper so everyone can read it.

Hugo publishes from time to time; if he has published on
this, it would be helpful if he'd provide the full
citation (a URL to the paper would also be nice).

> It also seems clear from talks with the ADs that MD5 is not
> recommended in any form for any cryptographic use - it is however
> still not the case for the SHA algorithm.

Thanks, but I'll wait for whichever ADs you mean above
to speak directly for themselves.

(Aside: MD5 was never a NIST algorithm; it isn't a surprise
to me that NIST hasn't recommended a non-NIST algorithm
for any uses.)

Cheers,

Ran
rja@extremenetworks.com



_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec