IETF Logo Mail Archive

Re: [OPSEC] minutes part 2

R Atkinson <ran.atkinson@gmail.com> Thu, 18 December 2008 01:47 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B14E03A694D; Wed, 17 Dec 2008 17:47:50 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E4E103A68D7 for <opsec@core3.amsl.com>; Wed, 17 Dec 2008 17:47:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVghit4Eoh4c for <opsec@core3.amsl.com>; Wed, 17 Dec 2008 17:47:48 -0800 (PST)
Received: from mail-qy0-f11.google.com (mail-qy0-f11.google.com [209.85.221.11]) by core3.amsl.com (Postfix) with ESMTP id EF1663A694D for <opsec@ietf.org>; Wed, 17 Dec 2008 17:47:47 -0800 (PST)
Received: by qyk4 with SMTP id 4so216351qyk.13 for <opsec@ietf.org>; Wed, 17 Dec 2008 17:47:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=zrWl2m1+/n21GQEWpClfPe5gi89A14A4//dRu039s2M=; b=ChrVkbKDtoh6xH8vFpVHctHUFcBG2X8UjnoFU1UHBMwWCwJuJ63TGDd5rdHVyfq8bI 3Kmm+oMNsd72tAryn0e6dnTb7oHDMOhO+juP9F4svaroJap/0mzQiHUvbr2yZ4+tIORW NCg0/TXwZfvGjrw6+guv+nsUwFNLFrvl4CHsY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=SxJHXIlNYm3vxKP/1ANa4u5oOon6yedCrNXUaZQhAAuG8EmEtZ8SR+L7MQTMVHmTN1 jRjretAAj+UXxQYZo8h5JiKuBSjwqjRPzITH0vg6UfLGEzkB2dZYHLUDnjp960fL/Lnm j/r23zDOqSekP+aazuGOu1CinzendWd9nGdhw=
Received: by 10.214.147.17 with SMTP id u17mr1869403qad.55.1229564859645; Wed, 17 Dec 2008 17:47:39 -0800 (PST)
Received: from ?10.10.1.61? (67.111.52.130.ptr.us.xo.net [67.111.52.130]) by mx.google.com with ESMTPS id 7sm4954235qwb.38.2008.12.17.17.47.38 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 17 Dec 2008 17:47:39 -0800 (PST)
Message-Id: <286BDFBC-58E6-401D-B2DB-90237AB558EA@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: opsec@ietf.org
In-Reply-To: <92c950310812171706y3902b3edm76bec430f4adf804@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Wed, 17 Dec 2008 20:47:33 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812160927j77bf42c6mbccef8ccf55d1e16@mail.gmail.com> <90F75653-21D6-4D2B-9472-52F2BDF7510D@gmail.com> <77ead0ec0812161118l3ca37732m541deb4c716a8f42@mail.gmail.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <92c950310812171706y3902b3edm76bec430f4adf804@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

On  17 Dec 2008, at 20:06, Glen Kent wrote:
>> I object to the assertions in those minutes that:
>>       - the SHA approaches are better/stronger than MD5 approaches.
>>         [We have agreed that the evidence does NOT support such a
>>         claim -- which claim appears to be in the meeting minutes.]
>>
>>       - the WG should recommend/encourage/promote SHA approaches
>>         over MD5 approaches. [which claim again appears to be
>>         in the meeting minutes]
>
> So you're asserting that Md5 is as strong as SHA. Can you please  
> confirm this?

No.  I'm asserting that:

   At present, there is no data indicating that MD5
   (as used for IGP authentication) is either stronger
   or weaker than SHA (as used for IGP authentication).


There was a time (now past) where there were published
concerns about the compression function of MD5
[Dobbertin1996] but there were not equivalent concerns
about SHA.  I cited specific published papers that now
indicate strong concerns with the compression function
of SHA.  I also cited a NIST formal statement indicating
that there were "serious attacks" on the compression
function of SHA.  (In both cases, I provided specific
URLs yesterday in email to the OPsec list.)

Yours,

Ran Atkinson
rja@extremenetworks.com


_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

v2.23.0 | Report a Bug | By Email