Re: [saag] Revision of "Attacks on Cryptographic Hashes in Internet Protocols"

Joe Touch <> Wed, 14 November 2012 07:35 UTC

On 11/13/2012 8:24 PM, Paul Hoffman wrote:
> On Nov 13, 2012, at 2:16 PM, Joe Touch <> wrote:
>> This doc refers to IETF protocols that use hashes, but doesn't discuss any in specific. It also doesn't address how hashes are used, e.g., solo (as a fingerprint), keyed (for authentication and source confirmation), as part of an HMAC, or as part of key derivation.
>> That sort of information might be additionally useful, IMO.
> The opposite was decided when we did RFC 4270, of which this is a direct revision. Many protocols use hashes in multiple ways, and trying to list them was considered a distraction. I believe that is still the case.

The doc says directly that the way in which specific hashes are used in 
"many" Internet protocols is safe. Indicating the details of that claim 
is critical to it having *any* weight.

Further, there's a big difference in the way in which hashes are used 
which can be just as important as the use of "better hash algorithms".

Leaving the interpretation of this doc as an exercise to the reader 
renders it inconsequential.
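The four usage modes named earlier in this thread (solo fingerprint, keyed, HMAC, key derivation) differ in which property of the hash they lean on, which is the point being argued above. The following is an added illustration for this archive page, not code from the draft, RFC 4270 or either correspondent. It uses only the Python standard library; the HKDF functions implement RFC 5869 and are checked against that RFC's first test vector, the HMAC against an RFC 4231 vector. The `naive_prefix_mac` function is included only as the construction that HMAC was designed to replace.

```python
"""Four ways Internet protocols use a hash function, side by side.

Added example for this discussion; not part of the draft under review.
"""
import hashlib
import hmac


def fingerprint(data: bytes, alg: str = "sha256") -> str:
    """Solo use: H(data) as an identifier (certificate fingerprints,
    content addressing, message digests in signatures).  Security rests
    on collision resistance whenever an attacker can influence both
    inputs being compared, and on second-preimage resistance otherwise.
    This is the mode that a collision attack on H breaks directly."""
    return hashlib.new(alg, data).hexdigest()


def naive_prefix_mac(key: bytes, data: bytes, alg: str = "sha256") -> str:
    """Keyed use done badly: H(key || data).  With Merkle-Damgard hashes
    this depends on internal details of H (padding, chaining state) that
    the design of H never promised to protect; it is shown only to
    contrast with HMAC below and should not be used in a protocol."""
    return hashlib.new(alg, key + data).hexdigest()


def keyed_mac(key: bytes, data: bytes, alg: str = "sha256") -> str:
    """Keyed use via HMAC (RFC 2104):
    H((K xor opad) || H((K xor ipad) || data)).
    The attacker never controls or observes the inner hash input without
    the key, so a collision attack on H does not translate directly into
    a forgery; HMAC needs H to behave as a PRF, which is a weaker demand
    than collision resistance.  This is why HMAC-MD5 and HMAC-SHA-1
    outlived MD5 and SHA-1 as fingerprints."""
    return hmac.new(key, data, alg).hexdigest()


def verify_mac(key: bytes, data: bytes, tag_hex: str, alg: str = "sha256") -> bool:
    """Constant-time tag comparison so the verifier does not leak the
    correct tag one byte at a time through timing."""
    return hmac.compare_digest(keyed_mac(key, data, alg), tag_hex)


def hkdf_extract(salt: bytes, ikm: bytes, alg: str = "sha256") -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, alg).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, alg: str = "sha256") -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) || info || i),
    output is T(1) || T(2) || ... truncated to `length` octets."""
    hash_len = hashlib.new(alg).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm = b""
    block = b""          # T(0) is the empty string
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), alg).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(ikm: bytes, salt: bytes, info: bytes, length: int,
               alg: str = "sha256") -> bytes:
    """Key-derivation use: stretch input keying material into a key of
    the requested length.  Like HMAC, this relies on the PRF behaviour
    of H rather than on collision resistance."""
    return hkdf_expand(hkdf_extract(salt, ikm, alg), info, length, alg)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any protocol trace.
    key = b"Jefe"
    msg = b"what do ya want for nothing?"
    print("fingerprint :", fingerprint(msg))
    print("HMAC-SHA256 :", keyed_mac(key, msg))
    print("verify      :", verify_mac(key, msg, keyed_mac(key, msg)))
    print("HKDF-SHA256 :", derive_key(b"\x0b" * 22, bytes(range(13)),
                                      bytes(range(0xF0, 0xFA)), 42).hex())
```

Running the module prints one value per usage mode; the same `alg` argument can be swapped to `"sha1"` or `"md5"` to see that the code path is identical while the security argument for each mode is not, which is the distinction the reply above says the document should spell out.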