IETF Logo Mail Archive

Re: [OPSEC] minutes part 2

"Vishwas Manral" <vishwas.ietf@gmail.com> Tue, 23 December 2008 18:07 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 727CD3A6B2B; Tue, 23 Dec 2008 10:07:10 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45E753A6B2A for <opsec@core3.amsl.com>; Tue, 23 Dec 2008 10:07:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1YBxF0Y6BYjB for <opsec@core3.amsl.com>; Tue, 23 Dec 2008 10:07:05 -0800 (PST)
Received: from mail-bw0-f21.google.com (mail-bw0-f21.google.com [209.85.218.21]) by core3.amsl.com (Postfix) with ESMTP id 9D3863A6452 for <opsec@ietf.org>; Tue, 23 Dec 2008 10:07:04 -0800 (PST)
Received: by bwz14 with SMTP id 14so10282266bwz.13 for <opsec@ietf.org>; Tue, 23 Dec 2008 10:06:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=Ml53pTEDJS2iwKXq59V0cfPJOrkovGTOfbq235Kv22I=; b=nMWaVZ2L/d9QotkBJpQ7HSs9lWoryDphfpL/3YcS3gUcHMgkDRsQDvRZLQlboJ7rxh WYQzaXUgO2vqbN18mD6kbcqVn4TB833Llwl5FNRaN3ncRDU/CoM4u5blGq3QS5F9524G mosB+LrlZT9mx3VN6nRFjK8OI7TUk8u7i+rH8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=pWg2RCloMtfEAQUsv36u+BAawNgyJIGWUFh4zSd9PP7rH4EwytY1Yf+vZvpMPYvcMv 3WDIktaxrThVucdewIbsPApmmNvFby/WNlvLMwozwoSjRbBUO7vvaMqnF1twxi12AOKm R4HBFG45uZ1GDVs09J7IAEMZY4cKLa+9gDJsc=
Received: by 10.181.50.1 with SMTP id c1mr2823885bkk.3.1230055614218; Tue, 23 Dec 2008 10:06:54 -0800 (PST)
Received: by 10.180.209.3 with HTTP; Tue, 23 Dec 2008 10:06:54 -0800 (PST)
Message-ID: <77ead0ec0812231006u55443dacn1731f51a8e922b62@mail.gmail.com>
Date: Tue, 23 Dec 2008 10:06:54 -0800
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: R Atkinson <ran.atkinson@gmail.com>
In-Reply-To: <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812160927j77bf42c6mbccef8ccf55d1e16@mail.gmail.com> <90F75653-21D6-4D2B-9472-52F2BDF7510D@gmail.com> <77ead0ec0812161118l3ca37732m541deb4c716a8f42@mail.gmail.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com>
Cc: opsec@ietf.org
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Hi Ran,

> Of course, NIST's approved algorithms list only contains
> NIST algorithms  This ought not be surprising.
>
> Of course, non-NIST algorithms aren't on NIST's lists.
> That is a tautology.
>
> There is no news here.
I am not trying to disseminate news here. The aim was to show that the
link which has been updated 2 months back states the uses of SHA-2,
etc is safe for hashing purposes.

I wanted to know if you thought that information was not correct.

Thanks,
Vishwas

> It is all entirely consistent with my prior statements.  There
> are some organisations that *for policy reasons* prefer to use
> certain algorithms or algorithm families.
>
> A choice made to comply with (local or national) organisational
> policy is quite different from a claim that scientific
> evidence exists that one algorithm is better than some
> other algorithm (when evaluated in the context of a
> particular cryptographic mode -- comparing apples to apples).
>
> As the IETF is an international, global organisation,
> the IETF has so far declined to use *local or national
> policy* as the basis to endorse or reject any particular
> algorithm.  This seems only proper as the IETF ought not
> prefer US policy over another country's policy in its
> decision making.  This principle of using global scope for
> the IETF standards processes lies behind [RFC-1984].
>
> Given the relatively recent information indicating "serious
> attacks" on SHA (the quote is from NIST [1]), including an
> acknowledged attack on SHA-1 [2], previous beliefs that SHA
> might be stronger are no longer supported by the science at hand.
> MD5 is also subject to "serious attacks" that have been published.
> So the data available says that both SHA and MD5 have cause
> for serious concern.
>
> Now, maybe someone has recently published some scientific,
> peer-reviewed, paper that compares MD5 and SHA (in the mode
> used by the IGPs for authentication).  If such exists, a pointer
> to that paper would be helpful to everyone in the OPsec WG.
> Absent such a paper, the only *scientific* conclusion is that
> (1) there is cause for concern about both SHA and MD5 and
> (2) there is not enough data at the present time to prefer
> either of those algorithms over the other algorithm.
>
> A practical step might be for some folks (not including me !)
> to add some additional MAC algorithms to the set available
> for IGP authentication, to provide more choices to implementers.
> Apparently specifications for an AES-CBC MAC and a "Counter
> with CBC-MAC" have been created in recent years. [RFC-3566]
> [RFC-3610]  (NOTE WELL:  I haven't done a literature search
> on either of those, so I'm not recommending either one; instead,
> I am only noting that the universe is not limited to SHA or MD5,
> and providing some examples of other options by way of an
> existence proof.)
>
> Cheers,
>
> Ran
> rja@extremenetworks.com
>
> PS:  The set of "First Round Candidates" to replace
> the existing SHA standards are listed at reference [3] below.
>
> [1]<http://csrc.nist.gov/groups/ST/hash/index.html>
> [2]<http://csrc.nist.gov/groups/ST/toolkit/documents/shs/NISTHashComments-final.pdf>
> [3]<http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/submissions_rnd1.html>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

v2.23.0 | Report a Bug | By Email