IETF Logo Mail Archive

Re: [saag] [Cfrg] RFC analyzing IETF use of hash functions [was:Re: Further MD5 breaks: Creating a rogue CA certificate]

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Thu, 08 January 2009 00:03 UTC

Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7418B3A6AB4; Wed, 7 Jan 2009 16:03:30 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F0DD93A6AB4 for <saag@core3.amsl.com>; Wed, 7 Jan 2009 16:03:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.541
X-Spam-Level:
X-Spam-Status: No, score=-6.541 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LyPrueTpI0Db for <saag@core3.amsl.com>; Wed, 7 Jan 2009 16:03:23 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 31ED43A6AAE for <saag@ietf.org>; Wed, 7 Jan 2009 16:03:23 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.37,229,1231113600"; d="scan'208";a="58639077"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-5.cisco.com with ESMTP; 08 Jan 2009 00:03:10 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id n0803AZx017391; Wed, 7 Jan 2009 16:03:10 -0800
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n08039lw000332; Thu, 8 Jan 2009 00:03:10 GMT
Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 7 Jan 2009 16:03:07 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 07 Jan 2009 16:03:06 -0800
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE50731654F@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <6FD97BCF-12BD-4A70-BAD2-E38549051882@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [saag] [Cfrg] RFC analyzing IETF use of hash functions [was:Re: Further MD5 breaks: Creating a rogue CA certificate]
Thread-Index: AclxH17Je9YRaottSNKO3BQzgLfh3AABAnzg
References: <E1LHplH-0006Xw-V6@wintermute01.cs.auckland.ac.nz><7E552E3F-C85A-4F0E-AC3E-879720A1E55F@extremenetworks.com><21E69071-3D71-4882-94DF-80163CE7BEC9@cisco.com><p06240813c58843633ee5@[10.20.30.158]> <6FD97BCF-12BD-4A70-BAD2-E38549051882@cisco.com>
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "David McGrew (mcgrew)" <mcgrew@cisco.com>, Paul Hoffman <paul.hoffman@vpnc.org>
X-OriginalArrivalTime: 08 Jan 2009 00:03:07.0560 (UTC) FILETIME=[7C56E280:01C97124]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1859; t=1231372990; x=1232236990; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey@cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey@ci sco.com> |Subject:=20RE=3A=20[saag]=20[Cfrg]=20RFC=20analyzing=20IET F=20use=20of=20hash=20functions=20[was=3ARe=3A=20Further=20M D5=20breaks=3A=20Creating=20a=20rogue=20CA=20certificate] |Sender:=20; bh=6esYxmVx/Saucds6qru53l4eNjYhEfSuM9PNiuJOPXg=; b=g2CijWmqhMfqPTMjTx9YnbJnD37nVbfawyXv1h5JHY7b9DW0cahFcqt05e BlA0ayOyHFMZprW3QT1uqwCquJz0uI7WvHwbew1LU1TShwW4OxLpVsbI3bF4 3uaHD/aFVZ;
Authentication-Results: sj-dkim-2; header.From=jsalowey@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: RJ Atkinson <rja@extremenetworks.com>, cfrg@irtf.org, saag@ietf.org
Subject: Re: [saag] [Cfrg] RFC analyzing IETF use of hash functions [was:Re: Further MD5 breaks: Creating a rogue CA certificate]
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

I think this is an area where there is much ambiguity.  When a hash
function is used within a protocol it is often unclear what properties
are expected from it.  This causes problems when a flaw is uncovered and
the impact to the protocol is uncertain.  I think it would improve
things if we were a bit more specific about it. I'd be glad to
participate by reviewing, editing, contributing text or whatever else is
needed. 

Cheers,

Joe

> -----Original Message-----
> From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On 
> Behalf Of David McGrew (mcgrew)
> Sent: Wednesday, January 07, 2009 3:26 PM
> To: Paul Hoffman
> Cc: RJ Atkinson; cfrg@irtf.org; saag@ietf.org
> Subject: Re: [saag] [Cfrg] RFC analyzing IETF use of hash 
> functions [was:Re: Further MD5 breaks: Creating a rogue CA 
> certificate]
> 
> Hi Paul,
> 
> thanks for volunteering.  For a CFRG doc it would be good to 
> point out how existing standards can benefit from newer 
> research results, and what open problems could be addressed 
> with future research.
> 
> David
> 
> On Jan 5, 2009, at 3:09 PM, Paul Hoffman wrote:
> 
> > At 2:50 PM -0800 1/5/09, David McGrew wrote:
> >> I think it is a great idea to document the IETF 
> applications/uses of 
> >> hashing, and the attacks against particular uses of hashing.  It 
> >> would make a great CFRG informational RFC, if we can find 
> volunteers 
> >> to contribute to and edit it.  I offer to review it.
> >
> > I will volunteer to update RFC 4270, and I assume that 
> Bruce Schneier 
> > would be willing to still be my co-author.
> >
> > --Paul Hoffman, Director
> > --VPN Consortium
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
> 
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email