IETF Logo Mail Archive

Re: [OPSEC] minutes part 2

"Vishwas Manral" <vishwas.ietf@gmail.com> Tue, 23 December 2008 05:13 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5ABA928C135; Mon, 22 Dec 2008 21:13:30 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 155FA28C135 for <opsec@core3.amsl.com>; Mon, 22 Dec 2008 21:13:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zQZsZtcUDq71 for <opsec@core3.amsl.com>; Mon, 22 Dec 2008 21:13:29 -0800 (PST)
Received: from mail-bw0-f21.google.com (mail-bw0-f21.google.com [209.85.218.21]) by core3.amsl.com (Postfix) with ESMTP id 95CF428C130 for <opsec@ietf.org>; Mon, 22 Dec 2008 21:13:28 -0800 (PST)
Received: by bwz14 with SMTP id 14so9235724bwz.13 for <opsec@ietf.org>; Mon, 22 Dec 2008 21:13:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=tKTP9VfyzJ9Lgri4KddJWoEbGEWxXom73AfecS7iSKQ=; b=utZvtR2fz9d5UlisiA8x9D19CngmJ3qGRfervyesds/YeSP2VCoMyvMp2rChjIgB5+ FjhrphIF+pMs7gFLzv5DPn/Ue7LEgYfAaWV/lU82KO2vzj5IVZTtXBcu1O/v31D3IR9C HkTGHu2L+5NpZqUxJZ9yUlfokDoNUcHZDet3Q=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=sPDmf3q5HpuACNLDtynUAOKLWjecjTQ1aXNicnSNSHJQodcTcpn6MtiFk2jMc1JQs3 dPElXZIJ+rcq+hq4FaG4SOZv6VPCcVBYg4KU9JFxPKfpVyJBMAtrPlWsNYiAHJybr1Ka sCopUqaxlHK4UM+TOlMVirXy4Z0BfDSF0RSAc=
Received: by 10.181.138.13 with SMTP id q13mr2592644bkn.95.1230009198258; Mon, 22 Dec 2008 21:13:18 -0800 (PST)
Received: by 10.180.209.3 with HTTP; Mon, 22 Dec 2008 21:13:18 -0800 (PST)
Message-ID: <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com>
Date: Mon, 22 Dec 2008 21:13:18 -0800
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Joel Jaeggli <joelja@bogus.com>
In-Reply-To: <494D48B6.9090302@bogus.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812160927j77bf42c6mbccef8ccf55d1e16@mail.gmail.com> <90F75653-21D6-4D2B-9472-52F2BDF7510D@gmail.com> <77ead0ec0812161118l3ca37732m541deb4c716a8f42@mail.gmail.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com>
Cc: opsec wg mailing list <opsec@ietf.org>, R Atkinson <ran.atkinson@gmail.com>
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Hi Joel/ Ran,

>> I object to the assertions in those minutes that:
>>     - the SHA approaches are better/stronger than MD5 approaches.
>>           [We have agreed that the evidence does NOT support such a
>>           claim -- which claim appears to be in the meeting minutes.]
>>
>>     - the WG should recommend/encourage/promote SHA approaches
>>           over MD5 approaches. [which claim again appears to be
>>           in the meeting minutes]
>
> Just as a point of order, I looked at the minutes and audio and I think
> their existence in the dialogue as stated in the minutes is accurate, if
> not work for word.
I find the following link for the approved algorithms for secure hashing:
http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html , they
include SHS algorithms but not MD5 ones. Though there is a line which
states that:

"After 2010, Federal agencies may use SHA-1 only for the following
applications: hash-based message authentication codes (HMACs); key
derivation functions (KDFs); and random number generators (RNGs).
Regardless of use, NIST encourages application and protocol designers
to use the SHA-2 family of hash functions for all new applications and
protocols."

MD5 is not amoung the approved algorithms for the same.

Ran, I would like to hear your views on the same.

Thanks,
Vishwas
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

v2.23.0 | Report a Bug | By Email