IETF Logo Mail Archive

Re: [OPSEC] minutes part 2

R Atkinson <ran.atkinson@gmail.com> Mon, 29 December 2008 18:03 UTC

Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD3D828C270; Mon, 29 Dec 2008 10:03:04 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9B99A28C270 for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 10:03:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4i6uubPyvaFN for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 10:03:02 -0800 (PST)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.27]) by core3.amsl.com (Postfix) with ESMTP id A54C428C262 for <opsec@ietf.org>; Mon, 29 Dec 2008 10:03:02 -0800 (PST)
Received: by qw-out-2122.google.com with SMTP id 3so2712998qwe.31 for <opsec@ietf.org>; Mon, 29 Dec 2008 10:02:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=JbCCYoHRBhzCOgfGrN7reNV+fo+VNnCQPS59oPUJOe4=; b=DBJ7WqzMdEPodgKivxOKdtaDFITpfs3uFn7qTOXuNKtuEQXTagPwescEWyvjOrouxk zLjrFPfrZ05NXWNeHAYxz9BeXNSQapg1VCzybb40wGeSUj+ZF8G71Jc07x8h1gLewmNY iltBr7MX088vfGi0JhY7R7O7hJdOGdHuGChMQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=WBjdx/cNRuqxVCHvuikmm6AfK4hK2BQoT+wi38kScizzGg8C2XIKuBFgCKi46/gmoK cWmDJHvbArhz9mGnUMthPWe2Id+x7olgDvyoeiyDWciOo6TLO3v8xfi5q+3mEqEwbj0m Cfd/bhT/f9hzP+Y1lW2r0PQQIla06HGMmYUhs=
Received: by 10.214.80.1 with SMTP id d1mr11389269qab.288.1230573771390; Mon, 29 Dec 2008 10:02:51 -0800 (PST)
Received: from ?10.30.20.71? (pool-72-84-80-181.nrflva.fios.verizon.net [72.84.80.181]) by mx.google.com with ESMTPS id 6sm4353129ywi.46.2008.12.29.10.02.50 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 29 Dec 2008 10:02:50 -0800 (PST)
Message-Id: <150709D1-CD36-474E-98F9-5FC363FBBD10@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: opsec@ietf.org
In-Reply-To: <77ead0ec0812231600vbd7c8fejd3a72a67b200185c@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Mon, 29 Dec 2008 13:02:49 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812161118l3ca37732m541deb4c716a8f42@mail.gmail.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com> <77ead0ec0812231021g2a9b84a5q70533d5e0d74f7b4@mail.gmail.com> <4A20D9A3-5A0B-4A11-AF7E-0773E0519B23@gmail.com> <77ead0ec0812231600vbd7c8fejd3a72a67b200185c@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

On  23 Dec 2008, at 19:00, Vishwas Manral wrote:
> So are you stating that the current known vulnerabilities affect the
> HMAC constructs too?

I'm claiming there is no clear scientific evidence that
any one approach is stronger than another.  There is data
causing anxiety about each of the underlying algorithms.

So far as I can tell from a literature survey, there are no
published attacks on Keyed-MD5 or on HMAC-MD5 or on HMAC-SHA
-- but that absence of published attacks does not provide
any scientific reason to prefer any one of those over any
other of those.

If someone has a refereed openly published paper evaluating
these scientifically, please share the paper (or a pointer
to the paper) here so everyone can read it.

Absent such a paper, the data collectively gives cause for concern,
but does not obviously support one choice over another *on
scientific grounds*.

Cheers,

Ran

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

v2.23.0 | Report a Bug | By Email