IETF Logo Mail Archive

Re: [OPSEC] minutes part 2

R Atkinson <ran.atkinson@gmail.com> Tue, 23 December 2008 22:45 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8B503A6B3B; Tue, 23 Dec 2008 14:45:45 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 880593A6B3B for <opsec@core3.amsl.com>; Tue, 23 Dec 2008 14:45:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eONcTyDIeEVs for <opsec@core3.amsl.com>; Tue, 23 Dec 2008 14:45:43 -0800 (PST)
Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.29]) by core3.amsl.com (Postfix) with ESMTP id 48F333A67F2 for <opsec@ietf.org>; Tue, 23 Dec 2008 14:45:43 -0800 (PST)
Received: by yw-out-2324.google.com with SMTP id 3so1568285ywj.49 for <opsec@ietf.org>; Tue, 23 Dec 2008 14:45:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=4xWdEcrDWQreqq6g2ULRyJX8c9lDumGBThD4Vq5g1l0=; b=Gzn4873m9l2JcNlCG9InzXxauCRrraAe+6FYfSgsSU459VRsRsC1tFXaRHjsnCiQVG PdVLBzaOkgPnqwe3WOKnFUd2DK0ZxyXvxZ003xVo4df79IJ7CkReeNqmKIbnLzXEikUe SGHPhGCoEnaINOQRkYvn/KXiJuZWzpddivs5I=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=RQpSYzcfa3NstPaImRBVwxMheO5+8ohdySOYgeQ6URWZu0fsk3i8/vbTQYsLkzfNhY KIeCNLW0fhXGtYN2BEDp4RmD7qxdaETSWjxIa5YzgEaQ7I3pvRUEC6rLwj+ASt+h88+0 dmZN9t879jUxdttg16d4owOH5331yZC0jcEGs=
Received: by 10.100.48.19 with SMTP id v19mr4954936anv.46.1230072333092; Tue, 23 Dec 2008 14:45:33 -0800 (PST)
Received: from ?10.30.20.71? (pool-72-84-80-181.nrflva.fios.verizon.net [72.84.80.181]) by mx.google.com with ESMTPS id c1sm14299025ana.16.2008.12.23.14.45.32 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 23 Dec 2008 14:45:32 -0800 (PST)
Message-Id: <8CA72870-DEB9-4979-8478-ED5467AF3DD3@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: opsec@ietf.org
In-Reply-To: <77ead0ec0812231006u55443dacn1731f51a8e922b62@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Tue, 23 Dec 2008 17:45:31 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812160927j77bf42c6mbccef8ccf55d1e16@mail.gmail.com> <90F75653-21D6-4D2B-9472-52F2BDF7510D@gmail.com> <77ead0ec0812161118l3ca37732m541deb4c716a8f42@mail.gmail.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com> <77ead0ec0812231006u55443dacn1731f51a8e922b62@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

On  23 Dec 2008, at 13:06, Vishwas Manral wrote:
> I am not trying to disseminate news here. The aim was to show that the
> link which has been updated 2 months back states the uses of SHA-2,
> etc is safe for hashing purposes.

NIST's Policy on Hash Functions
<http://csrc.nist.gov/groups/ST/hash/policy.html>

This says precisely that:

"The SHA-2 family of hash functions may be used by Federal agencies
for all applications using secure hash algorithms."

This is a statement of policy, granting permission to Federal
agencies.  It does not say that they are "safe", just that they
"may be used by Federal agencies".

It then follows with another policy statement urging non-use
of SHA-1:

"Federal agencies should stop using SHA-1 for digital signatures,
digital time stamping, and other applications that require
collision resistance as soon as practical..."

Note that neither the NIST policy (URL above), nor the other
NIST statements (2 URLs next) say that SHA-2 is "safe".
In fact, the word "safe" doesn't appear at any of those URLs,
as near as my web browser can tell.

>> [1]<http://csrc.nist.gov/groups/ST/hash/index.html>
>> [2]<http://csrc.nist.gov/groups/ST/toolkit/documents/shs/NISTHashComments-final.pdf 
>> >

These 2 URLs above say that SHA has "serious attacks" and also
that NIST is actively working to replace the current SHA algorithms.

Earlier today, I provided a URL to NIST's list of candidates
to replace SHA, which shows that work to be well underway.

So far, the NIST documents you are citing support my statements.
There are several URLs above.  I'd encourage list members
to go read them for themselves. :-)

Cheers,

Ran

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

v2.23.0 | Report a Bug | By Email