Re: [Pals] Stephen Farrell's No Objection on draft-ietf-pwe3-iccp-stp-04: (with COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 27 October 2015 16:29 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: pals@ietfa.amsl.com
Delivered-To: pals@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57A531AC3AD; Tue, 27 Oct 2015 09:29:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzXsHK9g25lz; Tue, 27 Oct 2015 09:29:41 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82B7F1A911A; Tue, 27 Oct 2015 09:29:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6E4A7BE7B; Tue, 27 Oct 2015 16:29:39 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkjgIWBCk2Oe; Tue, 27 Oct 2015 16:29:39 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 83501BE77; Tue, 27 Oct 2015 16:29:38 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1445963379; bh=eZk2L+rp7/DXQlgW9M05RRhBbyCoKjasI7e775Xd/Lg=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=dfTbpNCpDC2vX3Nu+efaX4KoS5MF4tW0uR+Tht5PEW4l8LgAbcspB/8GK37QBcEVs AUNMautThKScdoCadhwHIvX2rgjHKSLBSPQ89xJRkH4lTSpne3MYYMkZFmYYLpKObt bncxvVsTXTf1rmr2QlRWKRwuF3t/dhCANUODAke8=
To: Mick Seaman <mickseaman@sbcglobal.net>, "Andrew G. Malis" <agmalis@gmail.com>
References: <20150930131025.18397.72483.idtracker@ietfa.amsl.com> <4552F0907735844E9204A62BBDD325E78720B6E3@nkgeml512-mbx.china.huawei.com> <56179249.6040108@cs.tcd.ie> <4552F0907735844E9204A62BBDD325E78720BCF6@nkgeml512-mbx.china.huawei.com> <4552F0907735844E9204A62BBDD325E78720FDC7@nkgeml512-mbx.china.huawei.com> <562F9204.5000303@cs.tcd.ie> <CAA=duU1e4hnr=D6ptCHNQHBmELYvodwXEL326hcYrXAmhKB-TQ@mail.gmail.com> <562FA4EC.3060501@sbcglobal.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <562FA672.2060501@cs.tcd.ie>
Date: Tue, 27 Oct 2015 16:29:38 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <562FA4EC.3060501@sbcglobal.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/pals/k_LrPGPe9A5cVd6YQDhReiKMyXU>
Cc: Mingui Zhang <zhangmingui@huawei.com>, "pals-chairs@ietf.org" <pals-chairs@ietf.org>, The IESG <iesg@ietf.org>, "pals@ietf.org" <pals@ietf.org>
Subject: Re: [Pals] Stephen Farrell's No Objection on draft-ietf-pwe3-iccp-stp-04: (with COMMENT)
X-BeenThere: pals@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Pseudowire And LDP-enabled Services dicussion list." <pals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pals>, <mailto:pals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pals/>
List-Post: <mailto:pals@ietf.org>
List-Help: <mailto:pals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pals>, <mailto:pals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2015 16:29:44 -0000
Just to be clear, my (non blocking) comment wasn't about security but just about use of a fixed width field when the underlying IEEE spec could change to use of a different sized value. S. On 27/10/15 16:23, Mick Seaman wrote: > I (personal opinion) agree with Andy with regard to has function change > probability. The use of HMAC-MD5 in 802.1Q is as a hash/digest of data > to confirm (to an acceptable level of probability that the input data > that two parties hold is the same, without any view as to the presence > of malicious parties - security is handled quite separately from this). > To be honest in retrospect we might just as well have used a CRC: > security functions aren't magic dust. It's a common misconception that a > hashing function that has desirable security properties (an attacker > don't know how to change hash if data is changed, doesn't know how to > change data to match a different hash value) necessarily has better > hash properties in the sense it distributes the results of input data > more evenly over the set of output hash data values. I have no reason to > suppose that SHA-256 would be 'better'/significantly different in terms > of the use of HMAC-MD5 in 802.1Q-2014. > > Mick Seaman > > On 10/27/2015 8:41 AM, Andrew G. Malis wrote: >> Stephen, >> >> As WG co-chair, I view this as a low-probability event that can be >> fixed by a revision to the RFC if it becomes necessary. >> >> Thanks, >> Andy >> >> On Tue, Oct 27, 2015 at 11:02 AM, Stephen Farrell >> <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote: >> >> >> Hi, >> >> Sorry for the very slow response. >> >> On 16/10/15 02:26, Mingui Zhang wrote: >> > Hi Stephen, >> > >> > We haven't heard from you. Could you confirm whether the >> explanation is acceptable? >> >> I guess its acceptable, but maybe brittle, if the IEEE folks >> revise their stuff to use a different hash function. From their >> point of view that's a much smaller change than changing the >> size of MAC addresses. I'd say best would be if we did not >> have a fixed length, but rather said the length depends on >> the hash function being used. (I forget if that means you'd >> need a length field or algorithm identifier in your protocol.) >> >> S. >> >> >> >> > >> > Thanks, >> > Mingui >> > >> >> -----Original Message----- >> >> From: Pals [mailto:pals-bounces@ietf.org >> <mailto:pals-bounces@ietf.org>] On Behalf Of Mingui Zhang >> >> Sent: Saturday, October 10, 2015 9:32 AM >> >> To: Stephen Farrell; The IESG >> >> Cc: pals-chairs@ietf.org <mailto:pals-chairs@ietf.org>; >> agmalis@gmail.com <mailto:agmalis@gmail.com>; pals@ietf.org >> <mailto:pals@ietf.org> >> >> Subject: Re: [Pals] Stephen Farrell's No Objection on >> draft-ietf-pwe3-iccp-stp-04: >> >> (with COMMENT) >> >> >> >> Hi Stephen, >> >> >> >> Yes, it assumes a certainly length. >> >> I think this issue is similar as the EUI-64 issue: currently, >> the document >> >> assumes a traditional 48-bit MAC addresses are used, which is >> in consistence >> >> with RFC 7275. >> >> >> >> When I compared 802.1q-2005 and 802.1q-2014. I found all >> references related >> >> to 802.1q in the document are not changed. If such kind of >> changes do happen >> >> in the future, they could be and should be handled in the next >> protocol version >> >> of the STP-ICCP application, I think. >> >> >> >> Does it make sense? >> >> >> >> Thanks, >> >> Mingui >> >> >> >>> -----Original Message----- >> >>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie >> <mailto:stephen.farrell@cs.tcd.ie>] >> >>> Sent: Friday, October 09, 2015 6:09 PM >> >>> To: Mingui Zhang; The IESG >> >>> Cc: pals-chairs@ietf.org <mailto:pals-chairs@ietf.org>; >> agmalis@gmail.com <mailto:agmalis@gmail.com>; pals@ietf.org >> <mailto:pals@ietf.org> >> >>> Subject: Re: [Pals] Stephen Farrell's No Objection on >> >> draft-ietf-pwe3-iccp-stp-04: >> >>> (with COMMENT) >> >>> >> >>> >> >>> >> >>> On 09/10/15 03:54, Mingui Zhang wrote: >> >>>> Hi Stephen, >> >>>> >> >>>> 802.1q uses hmac-md5. This still holds in the latest version of >> >>>> 802.1q. >> >>>> >> >>>> I agree that sha256 could be used to enhance the security. >> However, >> >>>> I think that kind of enhancement is out the scope of this >> document >> >>>> and should be discussed in 802.1q. >> >>> >> >>> Of course. But if they do that, and make a change what is the >> impact >> >>> here is my question. (I didn't re-read the doc, but was this >> one where >> >>> it assumes a certainly length or something?) >> >>> >> >>> S >> >>> >> >>>> >> >>>> Thanks, Mingui >> >>>> >> >>>>> -----Original Message----- From: Pals >> >>>>> [mailto:pals-bounces@ietf.org >> <mailto:pals-bounces@ietf.org>] On Behalf Of Stephen Farrell Sent: >> >>>>> Wednesday, September 30, 2015 9:10 PM To: The IESG Cc: >> >>>>> pals-chairs@ietf.org <mailto:pals-chairs@ietf.org>; >> agmalis@gmail.com <mailto:agmalis@gmail.com>; pals@ietf.org >> <mailto:pals@ietf.org> Subject: >> >>>>> [Pals] Stephen Farrell's No Objection on >> >>>>> draft-ietf-pwe3-iccp-stp-04: (with COMMENT) >> >>>>> >> >>>>> Stephen Farrell has entered the following ballot position for >> >>>>> draft-ietf-pwe3-iccp-stp-04: No Objection >> >>>>> >> >>>>> When responding, please keep the subject line intact and >> reply to >> >>>>> all email addresses included in the To and CC lines. (Feel >> free to >> >>>>> cut this introductory paragraph, however.) >> >>>>> >> >>>>> >> >>>>> Please refer to >> >>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more >> >>>>> information about IESG DISCUSS and COMMENT positions. >> >>>>> >> >>>>> >> >>>>> The document, along with other ballot positions, can be found >> >>>>> here: >> https://datatracker.ietf.org/doc/draft-ietf-pwe3-iccp-stp/ >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> ------------------------------------------------------------------- >> >>>>> -- >> >>>>> - >> >>>>> >> >>>>> >> >>> COMMENT: >> >>>>> >> ------------------------------------------------------------------- >> >>>>> -- >> >>>>> - >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>> - 3.3.5: is that a hard-coded sha1 or md5? if so, why is that >> ok? what >> >>> if 802.1q >> >>>>> is fixed/improved e.g. to use sha256? >> >>>>> >> >>>>> >> >>>>> _______________________________________________ Pals mailing >> list >> >>>>> Pals@ietf.org <mailto:Pals@ietf.org> >> https://www.ietf.org/mailman/listinfo/pals >> >> _______________________________________________ >> >> Pals mailing list >> >> Pals@ietf.org <mailto:Pals@ietf.org> >> >> https://www.ietf.org/mailman/listinfo/pals >> > >> >> >> >> >> _______________________________________________ >> Pals mailing list >> Pals@ietf.org >> https://www.ietf.org/mailman/listinfo/pals > >
- [Pals] Stephen Farrell's No Objection on draft-ie… Stephen Farrell
- Re: [Pals] Stephen Farrell's No Objection on draf… Mingui Zhang
- Re: [Pals] Stephen Farrell's No Objection on draf… Stephen Farrell
- Re: [Pals] Stephen Farrell's No Objection on draf… Mingui Zhang
- Re: [Pals] Stephen Farrell's No Objection on draf… Mingui Zhang
- Re: [Pals] Stephen Farrell's No Objection on draf… Stephen Farrell
- Re: [Pals] Stephen Farrell's No Objection on draf… Andrew G. Malis
- Re: [Pals] Stephen Farrell's No Objection on draf… Mick Seaman
- Re: [Pals] Stephen Farrell's No Objection on draf… Stephen Farrell
- Re: [Pals] Stephen Farrell's No Objection on draf… Mick Seaman