Re: [saag] SHA-1 to SHA-n transition

"Hallam-Baker, Phillip" <pbaker@verisign.com> Tue, 03 March 2009 17:54 UTC

First step would be to try to understand the business issues that cause people to avoid deployment.

If we are going to get anywhere we have to recognize that these issues are not only in IETF scope, they are the most important issues for the IETF to consider if the IETF is going to have the real-world relevance that we all hope for.

We have to face the fact that deployment of new protocols has often been a failure and that changes to deployed protocols have failed with even greater frequency.


-----Original Message-----
From: saag-bounces@ietf.org on behalf of Peter Gutmann
Sent: Tue 3/3/2009 10:46 AM
To: ekr@networkresonance.com; Nicolas.Williams@sun.com
Cc: mouse@Rodents-Montreal.ORG; saag@ietf.org
Subject: Re: [saag] SHA-1 to SHA-n transition
 
Eric Rescorla <ekr@networkresonance.com> writes:

>"We must do something. This is something. We must do this."

So you've got the choice between the Politician's Fallacy (the above) and
psychosis ("PKI has been failing for 30 years [0], let's try more of it in the
hope that it suddenly works this time").

I think we need psychiatrists for this more than we need security geeks.

(I don't know the answer either, but admitting you have a problem with your
current approach is always the first step to recovery).

Peter.

[0] Or 20 years if you measure your epoch from X.509 rather than Kohnfelder.