[saag] Revision of "Attacks on Cryptographic Hashes in Internet Protocols"

Paul Hoffman <paul.hoffman@vpnc.org> Thu, 08 November 2012 12:29 UTC

Greetings again. Bruce Schneier and I have started an update to RFC 4270, "Attacks on Cryptographic Hashes in Internet Protocols". This revision is meant to deal with new and more devastating attacks on MD5, the fact that SHA-1 collisions will be financially feasible in the foreseeable future, and NIST's upcoming SHA-3 announcements. We expect to keep this revision process open for at least five months because NIST probably won't finalize the parameters and naming and so on for KECCAK until then; that is, we won't send this to RFC Editor until SHA-3 is finalized. Please take a look at 


Sean and Stephen have agreed that we should use the SAAG mailing list for discussing this draft. 

--Paul Hoffman