Re: [OPSEC] minutes part 2

"Vishwas Manral" <vishwas.ietf@gmail.com> Mon, 29 December 2008 21:16 UTC

Message-ID: <77ead0ec0812291316h75c87da3i190cb23996e09a10@mail.gmail.com>
Date: Mon, 29 Dec 2008 13:16:39 -0800
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: R Atkinson <ran.atkinson@gmail.com>
In-Reply-To: <4070E95B-4E30-4B1F-90F1-B20F67EDEDFF@gmail.com>
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com> <77ead0ec0812231006u55443dacn1731f51a8e922b62@mail.gmail.com> <8CA72870-DEB9-4979-8478-ED5467AF3DD3@gmail.com> <77ead0ec0812231556t73e24f17m9d52862672b22dc5@mail.gmail.com> <4070E95B-4E30-4B1F-90F1-B20F67EDEDFF@gmail.com>
Cc: opsec@ietf.org
Subject: Re: [OPSEC] minutes part 2

Hi Ran,

Great to hear you back. Hope you had a good holiday.

I will reply to your earlier questions about the SHA algorithm as well
as the other mails you have replied to. I have worked over the
questions you raised, and have also talked to cryptographers as well as
the ADs about the same.

> On  23 Dec 2008, at 18:56, Vishwas Manral wrote:
>>
>> "Regardless of use, NIST encourages application and protocol designers
>> to use the SHA-2 family of hash functions for all new applications and
>> protocols."
>
> That is a policy statement, not a claim that it is safe to use.
>
> NIST are required by US law to recommend *something* for
> US agencies to use, and SHA-2 has the largest raw key size
> of NIST's (currently quite limited) choices.
That is good. So we agree that NIST at least encourages protocol
designers to use the algorithms. :) We probably also agree that there
is customer demand for the use of the SHA algorithms, as has been
brought out by others too.

I have been following the NIST development of the new algorithm, and it
is very well known inside the community that any new algorithm to
replace SHA will be deployable only 10 years or so later. So I agree
it's a good aim to use the algorithms that come out of the
selection process; the process itself may take a few years to get
through.

Regarding the talk of the SHA algorithm having issues, that is correct;
however, after talking to cryptographers who have evaluated the current
attacks, it seems clear to them that MD5 strength is considerably less
than the SHA algorithm strengths. I will send you the details in another
mail. I have already shared the same with the WG chair.

It also seems clear from talks with the ADs that MD5 is not
recommended in any form for any cryptographic use; that is, however,
still not the case for the SHA algorithm.

Thanks,
Vishwas

> However, NIST ARE working to deprecate SHA -- visible via
> the process described on their web site.  That process
> is entirely analogous to the process NIST used to replace
> DES with AES -- public submission period, public review
> period, and so forth.
>
>>> "The SHA-2 family of hash functions may be used by Federal agencies
>>> for all applications using secure hash algorithms."
>>>
>>> "Federal agencies should stop using SHA-1 for digital signatures,
>>> digital time stamping, and other applications that require
>>> collision resistance as soon as practical..."
>>
>> I am sorry to have used the term safe. My intent was to state that SHA-1 has
>> been mandated to be not used for particular applications, while the SHA-2
>> family is encouraged for use by protocol designers.
>>
>> Are we on the same page regarding this or not?
>
> I don't know what your view is.
>
> NIST says that there are "serious attacks" on the
> SHA family and NIST is actively working to deprecate
> the SHA family (replacing it with something else).
>
> So there is NOT a scientific reason to believe that the
> SHA family is stronger *as used in IGP authentication*
> than some other algorithm -- nor is there reason to
> believe some other algorithm is stronger than SHA given
> what we know right now.
>
> What would help here is a scientific paper comparing
> A and B formally and reaching some conclusion(s),
> a refereed openly published paper that everyone here
> can read.
>
> Cheers,
>
> Ran
> rja@extremenetworks.com
>
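The thread argues about MD5 versus the SHA family "as used in IGP authentication" without showing what that use looks like. The following is an added example, written for this archive page and not code from either poster or from any IETF draft: it authenticates a constructed routing-protocol PDU with HMAC (RFC 2104) under a caller-chosen hash, verifies it with a constant-time comparison, and reports the resulting tag size. The PDU layout, router-id, key-id and key bytes are all constructed for the demonstration; the only real-world value is the RFC 4231 HMAC-SHA-256 test vector used as a self-check. Note that HMAC's security rests on the underlying compression function behaving as a PRF, not on collision resistance, which is why the NIST collision-resistance guidance quoted in the thread does not translate directly into a keyed-authentication ranking.

```python
"""Added example: HMAC-based authentication of an IGP-style PDU so that
the hash choice debated in the thread (MD5 vs the SHA family) can be
exercised on real bytes.  Everything about the packet is constructed."""
import hashlib
import hmac
import struct

# Constructed toy header: version(1), type(1), length(2), router-id(4),
# key-id(1). This is NOT the OSPF or IS-IS wire format.
HEADER = struct.Struct("!BBHIB")


def build_pdu(router_id: int, key_id: int, payload: bytes) -> bytes:
    """Assemble a PDU with the length field covering header+payload only;
    the authentication tag is appended afterwards and not counted."""
    length = HEADER.size + len(payload)
    return HEADER.pack(1, 1, length, router_id, key_id) + payload


def tag_bits(hash_name: str) -> int:
    """Digest size in bits for the hash used inside HMAC."""
    return hashlib.new(hash_name).digest_size * 8


def sign_pdu(pdu: bytes, key: bytes, hash_name: str) -> bytes:
    """Append HMAC(key, pdu) computed with the given hash (e.g. 'md5',
    'sha1', 'sha256'). The tag length equals the hash's digest size."""
    tag = hmac.new(key, pdu, hash_name).digest()
    return pdu + tag


def verify_pdu(packet: bytes, key: bytes, hash_name: str) -> bool:
    """Split the trailing tag off, recompute it and compare in constant
    time so a forger learns nothing from timing of the comparison."""
    tag_len = hashlib.new(hash_name).digest_size
    if len(packet) <= tag_len:
        return False
    pdu, tag = packet[:-tag_len], packet[-tag_len:]
    expected = hmac.new(key, pdu, hash_name).digest()
    return hmac.compare_digest(expected, tag)


def known_answer_ok() -> bool:
    """Self-check against RFC 4231 test case 1 for HMAC-SHA-256."""
    key = b"\x0b" * 20
    want = bytes.fromhex(
        "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")
    return hmac.new(key, b"Hi There", "sha256").digest() == want


def demo() -> dict:
    """Sign one constructed PDU under MD5, SHA-1 and SHA-256, then show
    that tampering with any byte of the PDU fails verification."""
    key = b"constructed-shared-secret"          # constructed, not real
    pdu = build_pdu(router_id=0x0A000001, key_id=7, payload=b"LSA-DATA")
    results = {}
    for name in ("md5", "sha1", "sha256"):
        packet = sign_pdu(pdu, key, name)
        tampered = bytearray(packet)
        tampered[HEADER.size] ^= 0x01          # flip a payload bit
        results[name] = {
            "tag_bits": tag_bits(name),
            "valid": verify_pdu(packet, key, name),
            "tampered_valid": verify_pdu(bytes(tampered), key, name),
            "wrong_key_valid": verify_pdu(packet, b"other-key", name),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:7s} tag={r['tag_bits']:3d} bits  valid={r['valid']} "
              f"tampered={r['tampered_valid']} wrongkey={r['wrong_key_valid']}")
```

Running the block prints one line per hash; the only difference between the three rows is the tag size, which is the point the thread circles around: swapping MD5 for a SHA-2 member changes the primitive inside HMAC and the trailer length, not the authentication construction itself.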
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec