Re: [OPSEC] draft-bhatia-manral-igp-crypto-requirements-03.txt
"Christopher Morrow" <morrowc.lists@gmail.com> Fri, 05 December 2008 12:27 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 238713A6C00; Fri, 5 Dec 2008 04:27:16 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A91973A6C67 for <opsec@core3.amsl.com>; Fri, 5 Dec 2008 04:27:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Yc15akZXpiW for <opsec@core3.amsl.com>; Fri, 5 Dec 2008 04:27:13 -0800 (PST)
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30]) by core3.amsl.com (Postfix) with ESMTP id 682963A68BF for <opsec@ietf.org>; Fri, 5 Dec 2008 04:27:13 -0800 (PST)
Received: by yx-out-2324.google.com with SMTP id 8so2009841yxg.49 for <opsec@ietf.org>; Fri, 05 Dec 2008 04:27:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=GSyl1jbZTxYAwT+V68oSC71Fv9v1A1YT8lPg5WRXKPU=; b=XZbypnJc6b8BvkyY4LQoFlP6CqLH1j7T6PB3Fei9X3Oge/xX2c6ioLca3hB/KSyJE7 8WldK1/Zxsl+C5JVU5yQ6SuR/cq14VzUncDlG2k0Cw203IL0kF3hKdRUyt6S3o+5uTG+ UcXYHB4BbSriMuU67bHaYDRDcX+3Jnf7YHFVw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=WxLOEnkiJliHAzobaW66ZpxpsI4+vGPxb8iKkAbyJf9yT18Yndx4YzzoCujcPOs5bO 8BEg/A+u3BGxYVlngaCn9RgxiC5XXwB71tWh3Nm6mVQbKtY+kPXiLfgs6v7YgDz0wUjZ KyRoZgcr/bxj4j2W/PoAQ6P1lKqp73MNFmvKg=
Received: by 10.100.189.10 with SMTP id m10mr8638766anf.118.1228480028615; Fri, 05 Dec 2008 04:27:08 -0800 (PST)
Received: by 10.100.153.20 with HTTP; Fri, 5 Dec 2008 04:27:08 -0800 (PST)
Message-ID: <75cb24520812050427mbc1942cuf7c7d7eb424463b@mail.gmail.com>
Date: Fri, 05 Dec 2008 07:27:08 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Joel Jaeggli <joelja@bogus.com>
In-Reply-To: <75cb24520812050425p1a52602bydb18e3878d540eb@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <6D26D1FE43A66F439F8109CDD424196502356DBA@INEXC1U01.in.lucent.com> <92c950310812030850q5c76f39ak1754c70dc216a354@mail.gmail.com> <4938D042.8090108@bogus.com> <75cb24520812050425p1a52602bydb18e3878d540eb@mail.gmail.com>
X-Google-Sender-Auth: 4a1cf5852b7752db
Cc: opsec wg mailing list <opsec@ietf.org>
Subject: Re: [OPSEC] draft-bhatia-manral-igp-crypto-requirements-03.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org
(initially sent with wrong src-addr, apologies) On Fri, Dec 5, 2008 at 7:25 AM, Christopher Morrow <christopher.morrow@gmail.com> wrote: > On Fri, Dec 5, 2008 at 1:54 AM, Joel Jaeggli <joelja@bogus.com> wrote: >> Glen Kent wrote: >>> Hi, >>> >>> Overall, the draft looks in good shape and i support it. >>> >>> One small comment though - I think their concern regarding the lack of >>> security offered by MD5 for the routing protocols is misplaced. I am >>> referring to the Introduction in that above draft. I agree that while >>> it might be possible to spoof an acceptable MD5 digest, it is near >>> impossible to spoof what might be an acceptable routing protocol >>> packet with an acceptable spoofed digest.So, the authors might want to >>> tone down their concern in that section! >> >> The general problem of being able to produce collisions with md5 digests >> does kind of make one inclined to deprecate their use when possible even > > to be able to make a collision with content worthwhile to the problem > space seems very limited, knowing the key and spitting out a packet on > the wire which is signed would be far simpler. > >> when there are a limited set of circumstances under which it can be >> exploited. MD5 is used in lots of places and it will take a very long >> time to remove it from many of them... The law of unintended >> consequences says if I leave the MD5 library in my toolchain someone >> will eventually use it for some purpose for which it is totally unsuitable. >> > > I agree that longer term migrating away so it's not re-used in a bad > place/way is fine... I think people often stop with: "Md5 has > collisions so we shouldn't use it" before asking if making a collision > in their circumstances is relevant or possible in a timely fashion. > >> I think description of the deprecation of md5 limitations in paragraph 3 >> of the introduction could use some help. >> >> one document that similarly addressed this subject I saw recently was: >> >> http://tools.ietf.org/html/draft-ietf-dnsext-tsig-md5-deprecated-01 >> >> the security considerations second of which describes to motivation >> fairly well. >> >> One concern I would express in the context of how this is done today is >> the persistence of the shared secret used to protect these sessions is >> measured in years notwithstanding the issues around storing things that >> persist that long an attacker with access to the packet stream can avail >> themselves of the opportunity to try to perform tradition brute force >> activities to generate the secret used to hash the data and generate the >> digest the salt in these protocols (eg tcpmd5) is sufficiently large to >> render rainbow tables infeasible... >> > > the secrets stay the same because someone though adding md5 auth to > routing protocols was a good thing (which is probably is in some/many > cases) but stopped there. There was never any thought put into the > operations of the system, just the 'security'... Key rollover/change > is significantly painful that pretty much no one actually does it. > > -Chris > >> That's not really for this draft but it is worth thinking about longer term. >> >>> Glen >>> >>> On Tue, Dec 2, 2008 at 7:32 AM, Bhatia, Manav (Manav) >>> <manav@alcatel-lucent.com> wrote: >>>> Hi, >>>> >>>> We have posted a revised version of the "Cryptographic Authentication >>>> Algorithm Implementation Best Practices for Routing Protocols". >>>> >>>> This has been updated based on the feedback from the list and the IETF >>>> meet where it was suggested that we should (i) do away with the >>>> additional RFC2119 terms that we were using (SHOULD+, MUST-, etc) (ii) >>>> Change the tone of the draft so that its more like best practices rather >>>> than a diktat for protocol developers. >>>> >>>> Additionally, we have also included a small section on RIPng and OSPFv3 >>>> in this draft. >>>> >>>> A URL for this Internet-Draft is: >>>> http://www.ietf.org/internet-drafts/draft-bhatia-manral-igp-crypto-requi >>>> rements-03.txt >>>> >>>> Would appreciate comments and feedback on the version! >>>> >>>> Cheers, Manav >>>> >>>>> -----Original Message----- >>>>> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] >>>>> On Behalf Of Joel Jaeggli >>>>> Sent: Saturday, October 11, 2008 2.40 AM >>>>> To: opsec wg mailing list >>>>> Subject: [OPSEC] draft-bhatia-manral-igp-crypto-requirements-00 >>>>> >>>>> We have at least some supporting opinion that this work should not be >>>>> pursued in opsec if it defines requirements. With a recommendations or >>>>> best practices focus it would be an appropriate addition. We should be >>>>> willing to entertain alternative views but I think that's the >>>>> current sense. >>>>> >>>>> joelja >>>>> _______________________________________________ >>>>> OPSEC mailing list >>>>> OPSEC@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/opsec >>>>> >>>> _______________________________________________ >>>> OPSEC mailing list >>>> OPSEC@ietf.org >>>> https://www.ietf.org/mailman/listinfo/opsec >>>> >>> _______________________________________________ >>> OPSEC mailing list >>> OPSEC@ietf.org >>> https://www.ietf.org/mailman/listinfo/opsec >>> >> >> _______________________________________________ >> OPSEC mailing list >> OPSEC@ietf.org >> https://www.ietf.org/mailman/listinfo/opsec >> > _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] draft-bhatia-manral-igp-crypto-requiremen… Bhatia, Manav (Manav)
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Glen Kent
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Joel Jaeggli
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Christopher Morrow
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Bhatia, Manav (Manav)
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Joel Jaeggli
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Glen Kent