IETF Logo Mail Archive

Re: [OPSEC] minutes part 2

R Atkinson <ran.atkinson@gmail.com> Tue, 23 December 2008 15:45 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 104A13A6B18; Tue, 23 Dec 2008 07:45:00 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5D67F28C0E4 for <opsec@core3.amsl.com>; Tue, 23 Dec 2008 07:44:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x76VQzMejYwC for <opsec@core3.amsl.com>; Tue, 23 Dec 2008 07:44:58 -0800 (PST)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.25]) by core3.amsl.com (Postfix) with ESMTP id 1F38D3A68EF for <opsec@ietf.org>; Tue, 23 Dec 2008 07:44:57 -0800 (PST)
Received: by qw-out-2122.google.com with SMTP id 3so1345362qwe.31 for <opsec@ietf.org>; Tue, 23 Dec 2008 07:44:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=ibycQ9+lnCJnar7gFNdOLRfqv0MkptH/QIHm6l5Qkq4=; b=tEi1Yw2iqeyA3RLnZhjTrSIX2dj9Gk1DF1MfcZILXu4HioZoCpyUUPR09k8VekG5LU t2hNpauoiqgDz+4E4PbSwlZf2uY5VW8e5YdDRXe5AbAHCl+sK3k1Hpv4djJAWFNTjR71 kA6QQifxlBckvBD2dN/AUA2K0voPlUzBEoWx0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=BqLg8kSOamQWsxjJfqsVI3+blU9DzlEKHNX4N8KdoEBlgLe28kvx2PcOXtiKn1G3K+ YcO8VAeDoP4buxlaL62NcqujzT5ghcq6EIbdL4DVBe39QtyrgLMSbHegESydWOmddsOd UCwLL8wpF/4i/HWucDIlalqCAbPPw+Ke6mjgg=
Received: by 10.214.181.20 with SMTP id d20mr7586434qaf.378.1230047087634; Tue, 23 Dec 2008 07:44:47 -0800 (PST)
Received: from ?10.30.20.71? (pool-72-84-80-181.nrflva.fios.verizon.net [72.84.80.181]) by mx.google.com with ESMTPS id 6sm1004345ywi.46.2008.12.23.07.44.46 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 23 Dec 2008 07:44:47 -0800 (PST)
Message-Id: <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: opsec@ietf.org
In-Reply-To: <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Tue, 23 Dec 2008 10:44:36 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812160927j77bf42c6mbccef8ccf55d1e16@mail.gmail.com> <90F75653-21D6-4D2B-9472-52F2BDF7510D@gmail.com> <77ead0ec0812161118l3ca37732m541deb4c716a8f42@mail.gmail.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Folks,

Of course, NIST's approved algorithms list only contains
NIST algorithms  This ought not be surprising.

Of course, non-NIST algorithms aren't on NIST's lists.
That is a tautology.

There is no news here.

It is all entirely consistent with my prior statements.  There
are some organisations that *for policy reasons* prefer to use
certain algorithms or algorithm families.

A choice made to comply with (local or national) organisational
policy is quite different from a claim that scientific
evidence exists that one algorithm is better than some
other algorithm (when evaluated in the context of a
particular cryptographic mode -- comparing apples to apples).

As the IETF is an international, global organisation,
the IETF has so far declined to use *local or national
policy* as the basis to endorse or reject any particular
algorithm.  This seems only proper as the IETF ought not
prefer US policy over another country's policy in its
decision making.  This principle of using global scope for
the IETF standards processes lies behind [RFC-1984].

Given the relatively recent information indicating "serious
attacks" on SHA (the quote is from NIST [1]), including an
acknowledged attack on SHA-1 [2], previous beliefs that SHA
might be stronger are no longer supported by the science at hand.
MD5 is also subject to "serious attacks" that have been published.
So the data available says that both SHA and MD5 have cause
for serious concern.

Now, maybe someone has recently published some scientific,
peer-reviewed, paper that compares MD5 and SHA (in the mode
used by the IGPs for authentication).  If such exists, a pointer
to that paper would be helpful to everyone in the OPsec WG.
Absent such a paper, the only *scientific* conclusion is that
(1) there is cause for concern about both SHA and MD5 and
(2) there is not enough data at the present time to prefer
either of those algorithms over the other algorithm.

A practical step might be for some folks (not including me !)
to add some additional MAC algorithms to the set available
for IGP authentication, to provide more choices to implementers.
Apparently specifications for an AES-CBC MAC and a "Counter
with CBC-MAC" have been created in recent years. [RFC-3566]
[RFC-3610]  (NOTE WELL:  I haven't done a literature search
on either of those, so I'm not recommending either one; instead,
I am only noting that the universe is not limited to SHA or MD5,
and providing some examples of other options by way of an
existence proof.)

Cheers,

Ran
rja@extremenetworks.com

PS:  The set of "First Round Candidates" to replace
the existing SHA standards are listed at reference [3] below.

[1]<http://csrc.nist.gov/groups/ST/hash/index.html>
[2]<http://csrc.nist.gov/groups/ST/toolkit/documents/shs/NISTHashComments-final.pdf 
 >
[3]<http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/submissions_rnd1.html 
 >
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

v2.23.0 | Report a Bug | By Email