IETF Logo Mail Archive

[OPSEC] draft-bhatia-manral-igp-crypto-requirements

Vishwas Manral <vishwas.ietf@gmail.com> Tue, 24 February 2009 04:08 UTC

Return-Path: <vishwas.ietf@gmail.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C4E2F3A695F for <opsec@core3.amsl.com>; Mon, 23 Feb 2009 20:08:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id au5M--8QaSJS for <opsec@core3.amsl.com>; Mon, 23 Feb 2009 20:08:51 -0800 (PST)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.24]) by core3.amsl.com (Postfix) with ESMTP id D4DEC3A6960 for <opsec@ietf.org>; Mon, 23 Feb 2009 20:08:47 -0800 (PST)
Received: by qw-out-2122.google.com with SMTP id 3so1205916qwe.31 for <opsec@ietf.org>; Mon, 23 Feb 2009 20:09:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=5ffqEtNhADaSHwF2iNAqQd93N1hWAz23mZbOVcAzXBk=; b=C/28KYXcyK/n/BQvpJW9vMwUW3y8VJUKtjWvucWJW29WWQAM4M+o+Rv+w88VPNztoz /tO+A0z1mHhf+lTpo214w7XAZHG3hwPN183WlJBwcDaUH0oIsM8eDGD1nAflKDXBz2eT AXz8P1+HAmhNg2CBd56TwXZNjEfdxEQPQ/Wzo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=DCzEb4wgAo+Clm4cPuWKWIaiuuLbJLhuuXWtkInxl38uD2j3qlz269Vn2VP3+7Mw8Z cCZlbVB1XJdFCU31/gKsXaAZRQlK6tgp3Ru294kPzsqtpIPVJXRL0VQCWckzFu1Y5d+L 1y6I1GuB7pZm1GCSLzy8cW440Xczhp+sfwLVw=
MIME-Version: 1.0
Received: by 10.229.97.194 with SMTP id m2mr1759635qcn.21.1235448545165; Mon, 23 Feb 2009 20:09:05 -0800 (PST)
Date: Mon, 23 Feb 2009 20:09:05 -0800
Message-ID: <77ead0ec0902232009s260cee0dn4f81390ddf698e1c@mail.gmail.com>
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: opsec wg mailing list <opsec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [OPSEC] draft-bhatia-manral-igp-crypto-requirements
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2009 04:08:51 -0000

Hi folks,

We now have got some clear guidance regarding this document from the
Security AD's regarding the cryptographic algorithms (Joel has been
privy to those mails). The guidance seems to second what Hugo and
other cryptographers have been stating all along. The crux of what has
been said is:

MD5 should not be used for crypto purposes. SHA-1 though stronger is
also vulnerable. HMAC-MD5 though not yet vulnerable looks highly
suspect and should not be reccomended. HMAC-SHA-1 for now looks ok and
can be reccomended. Goinf forward we should try to reccomend the SHA-2
family of protocols.

With these clear guidances matching what we have in our documents, I
would like to ask the working group to look into this document
further. We can then look at getting this as a WG document.

Thanks,
Vishwas

v2.23.0 | Report a Bug | By Email