Re: [OPSEC] draft-bhatia-manral-igp-crypto-requirements
<Pasi.Eronen@nokia.com> Tue, 10 March 2009 07:27 UTC
Return-Path: <Pasi.Eronen@nokia.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 40E7D28C11C for <opsec@core3.amsl.com>; Tue, 10 Mar 2009 00:27:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.493
X-Spam-Level:
X-Spam-Status: No, score=-6.493 tagged_above=-999 required=5 tests=[AWL=0.106, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlxtRBIvmpyK for <opsec@core3.amsl.com>; Tue, 10 Mar 2009 00:27:28 -0700 (PDT)
Received: from mgw-mx03.nokia.com (smtp.nokia.com [192.100.122.230]) by core3.amsl.com (Postfix) with ESMTP id 0E1DA28C0F8 for <opsec@ietf.org>; Tue, 10 Mar 2009 00:27:27 -0700 (PDT)
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-mx03.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id n2A7Rvch030620; Tue, 10 Mar 2009 09:27:58 +0200
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 10 Mar 2009 09:27:22 +0200
Received: from smtp.mgd.nokia.com ([65.54.30.7]) by esebh102.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Tue, 10 Mar 2009 09:27:22 +0200
Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.86]) by nok-am1mhub-03.mgdnok.nokia.com ([65.54.30.7]) with mapi; Tue, 10 Mar 2009 08:27:21 +0100
From: Pasi.Eronen@nokia.com
To: opsec@ietf.org
Date: Tue, 10 Mar 2009 08:27:22 +0100
Thread-Topic: Re: [OPSEC] draft-bhatia-manral-igp-crypto-requirements
Thread-Index: AcmhUacCfjTVHV0hRlyBLWokdcYd0g==
Message-ID: <808FD6E27AD4884E94820BC333B2DB7727F1CB1A8B@NOK-EUMSG-01.mgdnok.nokia.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 10 Mar 2009 07:27:22.0192 (UTC) FILETIME=[A6EFB500:01C9A151]
X-Nokia-AV: Clean
Cc: tim.polk@nist.gov
Subject: Re: [OPSEC] draft-bhatia-manral-igp-crypto-requirements
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2009 07:27:29 -0000
Folks, Some folks have asked us off-list if this is a new normative IETF Security Area policy about cryptographic algorithms, and if it is, why it comes from the area directors instead of, say, SAAG (IETF's Security Area Advisory Group) or CFRG (IRTF's Crypto Forum Research Group). So, to clarify: this is *not* an IETF security area policy; this was our (Pasi's and Tim's) personal advice to a specific question whether adding HMAC-SHA1 support to routing protocols that currently only support MD5-based MACs makes sense or is waste of time (either because MD5 is good enough for MACs, or because SHA1-based MACs are not good enough). Our opinion is a qualified "yes": it's better to get rid of MD5, and adding support for e.g. HMAC-SHA1 (which we think will be OK for long time) makes sense *if* at the same time we can do other improvements. These could include taking a look at the algorithm agility parts of the protocols (so that adding new MACs in the future will be less painful, and making sure we can support non-hash-based MACs), making sure we can do key rollovers without tearing down sessions, improving MAC coverage, improving replay protection, and so on. Most of these benefits are not specifically about HMAC-SHA1, and adding support for some other good MAC could be done instead. The IETF does not have any official policy on what MACs are good and what are not, but going forward, we'd recommend considering non-hash based MACs, too (so phrasing the situation as MD5 vs. SHA1 is not really accurate if the protocols really need a MAC, not a hash). On the other hand, in any given protocol the use of MD5 might not be currently the weakest link. And if your secret key is something network administrators can easily remember and type in (as opposed to copy-pasting from somewhere), it's probably also trivial to discover by brute force. So when considering adding features to routing protocols, new hash or MAC algorithms may not necessarily be the highest priority. For those who would be interested in having a more comprehensive IETF-wide policy about hash algorithms, some folks at CFRG are currently thinking about writing something (perhaps an update to RFC 4270 or something else). Interested folks might want to contact the CFRG chairs and exchange ideas at IETF74. Best regards, Pasi & Tim > -----Original Message----- > From: Vishwas Manral <vishwas.ietf@gmail.com> > Sent: Mon, 23 Feb 2009 20:09:05 -0800 > To: opsec wg mailing list <opsec@ietf.org> > Sent: 24 February, 2009 19:12 > Subject: [OPSEC] draft-bhatia-manral-igp-crypto-requirements > > > Hi folks, > > We now have got some clear guidance regarding this document from the > Security AD's regarding the cryptographic algorithms (Joel has been > privy to those mails). The guidance seems to second what Hugo and > other cryptographers have been stating all along. The crux of what > has been said is: > > MD5 should not be used for crypto purposes. SHA-1 though stronger is > also vulnerable. HMAC-MD5 though not yet vulnerable looks highly > suspect and should not be reccomended. HMAC-SHA-1 for now looks ok > and can be reccomended. Goinf forward we should try to reccomend the > SHA-2 family of protocols. > > With these clear guidances matching what we have in our documents, I > would like to ask the working group to look into this document > further. We can then look at getting this as a WG document. > > Thanks, > Vishwas
- [OPSEC] draft-bhatia-manral-igp-crypto-requiremen… Vishwas Manral
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Glen Kent
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Vishwas Manral
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Joel Jaeggli
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Vishwas Manral
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Joel Jaeggli
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Bhatia, Manav (Manav)
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… John Smith
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Pasi.Eronen
- Re: [OPSEC] draft-bhatia-manral-igp-crypto-requir… Vishwas Manral