Re: [OPSEC] minutes part 2
R Atkinson <ran.atkinson@gmail.com> Wed, 17 December 2008 00:53 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 559433A6999; Tue, 16 Dec 2008 16:53:36 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 228BD3A6999 for <opsec@core3.amsl.com>; Tue, 16 Dec 2008 16:53:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USJBhledb7mT for <opsec@core3.amsl.com>; Tue, 16 Dec 2008 16:53:34 -0800 (PST)
Received: from mail-qy0-f11.google.com (mail-qy0-f11.google.com [209.85.221.11]) by core3.amsl.com (Postfix) with ESMTP id 0ED333A6870 for <opsec@ietf.org>; Tue, 16 Dec 2008 16:53:33 -0800 (PST)
Received: by qyk4 with SMTP id 4so3488417qyk.13 for <opsec@ietf.org>; Tue, 16 Dec 2008 16:53:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:cc:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=bjvDJpKMzw5EGndhZvbZ8YUrpZVz6tGOD5Q8NOPwfT0=; b=oZeB9l7vimGsNUJ96fdWRz2GoSR9p43x07MjJJ/6BgVb0qhVvwxusVGzSJG81zvc3f 8MiA9+prveEvWulSR8Qjv2hRWI8Sad84V1SWG30j0xDcP0U4b4eBustSnjHgP3h5j+kK cAIBUQPz+kfpV3BnA3ap2fH5CMCs46uCP7C/k=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=cc:message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=QisbV37Trhu6sAw2rl4UWPIAA69zsW+nae5O19RJTaIUN9k+QnK+mc+hTqecPqnSoG 6N9qk+KOY6m2fswaJhokNJfHhI1Q49knblcGB67h9nrO7NmdLD63J6l68lHCIsDDkmOy wka0aGk6UFEl5i6URWHWzMmUFr1iJbNzlJUJo=
Received: by 10.214.183.17 with SMTP id g17mr85739qaf.265.1229475205846; Tue, 16 Dec 2008 16:53:25 -0800 (PST)
Received: from ?10.10.1.61? (67.111.52.130.ptr.us.xo.net [67.111.52.130]) by mx.google.com with ESMTPS id 9sm1896017yws.28.2008.12.16.16.53.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 16 Dec 2008 16:53:25 -0800 (PST)
Message-Id: <12201E12-8A0B-4FBE-95A9-5C8B23DA46EC@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: Glen Kent <glen.kent@gmail.com>
In-Reply-To: <92c950310812161620j7d8aaa16m553940edadbe6d8f@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Tue, 16 Dec 2008 19:53:23 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <92c950310812161620j7d8aaa16m553940edadbe6d8f@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Cc: opsec@ietf.org
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org
On 16 Dec 2008, at 19:20, Glen Kent wrote: > I don't understand your concern. I have no concern with the WG documenting any issues, provided: - they really are technical issues rather than opinion, - the analysis really is comprehensive, including a threat model, - the analysis also discusses existing mitigations, and - the analysis covers all such authentication mechanism, including for example RFC-2154, not just some of them. (For an individual submission rather than a WG document, of course, none of the above caveats would apply, as individuals can say whatever they wish, true or not, in a personal informational RFC. :-) As my notes have tried (and perhaps failed, sigh) to make clear, the focus of my concerns are: 1) An apparent proposal, according to the WG minutes, to have the OPsec WG recommend that users migrate to using SHA-based mechanisms. There are not solid technical grounds to recommend/prefer SHA approaches over MD5 approaches (or the reverse: it isn't obvious that MD5 is better either). 2) Erroneous claims in the meeting minutes that SHA-based approaches are better than the existing MD5-based mechanisms. The approaches are very slightly different, but as the URLs I provided much earlier today make clear, SHA has issues in the published literature just as MD5 does, AND NIST is actively moving to deprecate SHA/SHA-1/ SHA-2. Yours, Ran rja@extremenetworks.com _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- [OPSEC] Prospective issue with IPsec ESP-NULL & I… R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Vishwas Manral
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Vishwas Manral
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… R Atkinson
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Darrel Lewis (darlewis)
- Re: [OPSEC] minutes part 2 Darrel Lewis (darlewis)
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- [OPSEC] FW: minutes part 2 Michael Barnes
- Re: [OPSEC] FW: minutes part 2 Smith, Donald
- Re: [OPSEC] FW: minutes part 2 Michael Barnes
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson