Re: [OPSEC] draft-bhatia-manral-igp-crypto-requirements

Vishwas Manral <vishwas.ietf@gmail.com> Tue, 24 February 2009 18:19 UTC

From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Glen Kent <glen.kent@gmail.com>
Cc: opsec wg mailing list <opsec@ietf.org>
Subject: Re: [OPSEC] draft-bhatia-manral-igp-crypto-requirements

Hi Glen,

Thanks for your support of the document.

There was no ambiguity as such; however, Ran wanted us to look further
into whether the recently announced vulnerabilities to SHA-1 and MD5
would affect the recommendation for HMAC-SHA-1.

Thanks,
Vishwas

On Tue, Feb 24, 2009 at 9:04 AM, Glen Kent <glen.kent@gmail.com> wrote:
> So was there any ambiguity in recommending HMAC-SHA1 over other
> available options ever?
>
> I re-read the document, found it extremely simple, the recommendations
> look right, found it just to be what OPSEC must own up.
>
> Glen
>
> On Tue, Feb 24, 2009 at 9:39 AM, Vishwas Manral <vishwas.ietf@gmail.com> wrote:
>> Hi folks,
>>
>> We now have got some clear guidance regarding this document from the
>> Security ADs regarding the cryptographic algorithms (Joel has been
>> privy to those mails). The guidance seems to second what Hugo and
>> other cryptographers have been stating all along. The crux of what has
>> been said is:
>>
>> MD5 should not be used for crypto purposes. SHA-1 though stronger is
>> also vulnerable. HMAC-MD5 though not yet vulnerable looks highly
>> suspect and should not be recommended. HMAC-SHA-1 for now looks ok and
>> can be recommended. Going forward we should try to recommend the SHA-2
>> family of protocols.
>>
>> With these clear guidances matching what we have in our documents, I
>> would like to ask the working group to look into this document
>> further. We can then look at getting this as a WG document.
>>
>> Thanks,
>> Vishwas