Re: [saag] [Cfrg] RFC analyzing IETF use of hash functions [was: Re: Further MD5 breaks: Creating a rogue CA certificate]

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 05 January 2009 23:10 UTC

Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F07B3A68BA; Mon, 5 Jan 2009 15:10:29 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F11E33A68BA; Mon, 5 Jan 2009 15:10:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oYj8bWPXJEba; Mon, 5 Jan 2009 15:10:26 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 779203A684C; Mon, 5 Jan 2009 15:10:26 -0800 (PST)
Received: from [10.20.30.158] (sn81.proper.com [75.101.18.81]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05N9xhd057971 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 16:10:01 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240813c58843633ee5@[10.20.30.158]>
In-Reply-To: <21E69071-3D71-4882-94DF-80163CE7BEC9@cisco.com>
References: <E1LHplH-0006Xw-V6@wintermute01.cs.auckland.ac.nz> <7E552E3F-C85A-4F0E-AC3E-879720A1E55F@extremenetworks.com> <21E69071-3D71-4882-94DF-80163CE7BEC9@cisco.com>
Date: Mon, 05 Jan 2009 15:09:58 -0800
To: David McGrew <mcgrew@cisco.com>, RJ Atkinson <rja@extremenetworks.com>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: cfrg@irtf.org, saag@ietf.org
Subject: Re: [saag] [Cfrg] RFC analyzing IETF use of hash functions [was: Re: Further MD5 breaks: Creating a rogue CA certificate]
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

At 2:50 PM -0800 1/5/09, David McGrew wrote:
>I think it is a great idea to document the IETF applications/uses of hashing, and the attacks against particular uses of hashing.  It would make a great CFRG informational RFC, if we can find volunteers to contribute to and edit it.  I offer to review it.

I will volunteer to update RFC 4270, and I assume that Bruce Schneier would be willing to still be my co-author.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag