IETF Logo Mail Archive

Re: [OPSEC] minutes part 2

R Atkinson <ran.atkinson@gmail.com> Mon, 29 December 2008 18:08 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3A37E28C292; Mon, 29 Dec 2008 10:08:55 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AF30628C28C for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 10:08:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fFLqvWCTAlkV for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 10:08:52 -0800 (PST)
Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.28]) by core3.amsl.com (Postfix) with ESMTP id ABC2C28C285 for <opsec@ietf.org>; Mon, 29 Dec 2008 10:08:52 -0800 (PST)
Received: by yw-out-2324.google.com with SMTP id 3so2334389ywj.49 for <opsec@ietf.org>; Mon, 29 Dec 2008 10:08:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=N3X8acN5UiF4n+TVqoGnbLhau8UMceZiQ2daOFxf19c=; b=oW10xTH+v+V03jY+zjTf0lJtAgk+lrXqNqTfDVKfJNUwDI313CXzTGz5rod44TwF1u srvEsdhM5fzLbcNiTK+7bjLhS/SgOQaeQypvGqbALr0gN2kdUac/2W+D4/+muJK84NTo aJa5avfSiU2dvuP1gCzq07QrwGLPK9cIWxedg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=A1rJBkjosAXqxFbX9x6G7herwYysdTdB0vlwnCQrBCoRbemniWoWjd1G1W+rZWXcZo Y3+0cIJnJn8Z770tB6d8MKEn5GSit9Daj6hWfGkws4aIHUT2la07HkWkOKdAh/hW4eZY gLAEplDNckxwxqdVveDFJPSw1K1FaN+r3DgI0=
Received: by 10.150.96.10 with SMTP id t10mr13906936ybb.128.1230574121992; Mon, 29 Dec 2008 10:08:41 -0800 (PST)
Received: from ?10.30.20.71? (pool-72-84-80-181.nrflva.fios.verizon.net [72.84.80.181]) by mx.google.com with ESMTPS id h27sm19688819elf.16.2008.12.29.10.08.36 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 29 Dec 2008 10:08:39 -0800 (PST)
Message-Id: <B3A82D19-AE06-4F76-80C0-51C6F13B1F75@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: opsec@ietf.org
In-Reply-To: <77ead0ec0812231642me00ebceue465f19183039492@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Mon, 29 Dec 2008 13:08:31 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com> <77ead0ec0812231021g2a9b84a5q70533d5e0d74f7b4@mail.gmail.com> <4A20D9A3-5A0B-4A11-AF7E-0773E0519B23@gmail.com> <77ead0ec0812231600vbd7c8fejd3a72a67b200185c@mail.gmail.com> <77ead0ec0812231642me00ebceue465f19183039492@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

On  23 Dec 2008, at 19:42, Vishwas Manral wrote:
> "After 2010, Federal agencies may use SHA-1 only for the following
> applications: hash-based message authentication codes (HMACs); key
> derivation functions (KDFs); and random number generators (RNGs). "
>
> So it seems in NIST view atleast SHA-1 with HMAC constructs is not
> affected to warrant a reccomendation to stop its use like for the
> other case.

Again, NIST by law is required to recommend something.
NIST only recommends NIST algorithms, which is why
they've kicked off the process to deprecate SHA and
select something else for their secure hashing.

The above quote is statement of policy, about what Federal
agencies may use in which situations.  It is not a claim
that any of those are "safe to use".  Separately that
quote does not support any claim that SHA is stronger
(or weaker) than some other algorithm in any particular
mode of operation.

Again, if you have an actual scientific referred openly
published paper comparing A and B, then please share it.

Until such a paper appears, we don't have the data to
make a scientific evaluation of which of several options
might be better or worse.

In any event, the IETF is global and is supposed to operate
based on science, not on the national policy of one country.

Cheers,

Ran

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

v2.23.0 | Report a Bug | By Email