Re: [secdir] Secdir review of draft-turner-md2-to-historic-05
Catherine Meadows <catherine.meadows@nrl.navy.mil> Mon, 18 October 2010 19:09 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE2CF3A6D0B; Mon, 18 Oct 2010 12:09:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.762
X-Spam-Level:
X-Spam-Status: No, score=-1.762 tagged_above=-999 required=5 tests=[AWL=0.836, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h6E3s65oUls0; Mon, 18 Oct 2010 12:09:44 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by core3.amsl.com (Postfix) with ESMTP id 4C78C3A6B8F; Mon, 18 Oct 2010 12:09:43 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.8/8.13.6) with ESMTP id o9IJBCrb006829; Mon, 18 Oct 2010 15:11:12 -0400 (EDT)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id o9IJB5iB010158; Mon, 18 Oct 2010 15:11:10 -0400 (EDT)
Received: from siduri.fw5540.net ([10.0.3.73]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2010101815110906141 ; Mon, 18 Oct 2010 15:11:09 -0400
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: multipart/alternative; boundary="Apple-Mail-5--115476741"
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
In-Reply-To: <4CBC99E0.2080204@ieca.com>
Date: Mon, 18 Oct 2010 15:16:08 -0400
Message-Id: <9D18C25E-888A-4807-A983-D0BC208224EB@nrl.navy.mil>
References: <864DCF6A-A192-41F6-9A46-04D6AC64DC06@nrl.navy.mil> <4CBC99E0.2080204@ieca.com>
To: Sean Turner <turners@ieca.com>
X-Mailer: Apple Mail (2.1081)
Cc: draft-turner-md2-to-historic.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-turner-md2-to-historic-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2010 19:09:46 -0000
Sean, Yes, this looks much better, although I think that for Since its publication, MD2 has been shown to not be collision-free [ROCH1995][KNMA2005][ROCH1997], albeit successful pre-image attacks for properly implement MD2 are not that damaging. what you really meant to say was Since its publication, MD2 has been shown to not be collision-free [ROCH1995][KNMA2005][ROCH1997], albeit successful collision attacks for properly implemented MD2 are not that damaging. Is that correct? Cathy On Oct 18, 2010, at 3:02 PM, Sean Turner wrote: > Catherine, > > Thanks for your review. > > How about I make the following two changes: > > 1) In Section 1, add something to provide a better characterization of the collision-resistance: > > OLD: > > Since its publication, MD2 has been shown to not be collision-free > [ROCH1995][KNMA2005][ROCH1997] and shown to have successful > pre-image attacks [KNMA2005][MULL2004][KMM2010]. > > NEW: > > Since its publication, MD2 has been shown to not be collision-free > [ROCH1995][KNMA2005][ROCH1997], albeit successful pre-image attacks > for properly implement MD2 are not that damaging. MD2 has also been > shown to have successful pre-image and second-preimage attacks > [KNMA2005[MULL2004][KMM2010]. > > 2) In section 6, align the last sentence of the second paragraph and the 1st sentence of paragraph 3: > > OLD: > > .., which is not significantly better than the birthday attack. > > Even though collision attacks on MD2 are not more powerful than > the birthday attack, MD2 was found not to be one-way... > > NEW: > > .., which is not significantly better than the birthday attack. > > Even though collision attacks on MD2 are not significantly more > powerful than the birthday attack, MD2 was found not to be > one-way... > > spt > > On 10/16/10 2:36 PM, Catherine Meadows wrote: >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the >> IESG. These comments were written primarily for the benefit of the >> security area directors. Document editors and WG chairs should treat >> these comments just like any other last call comments. >> >> >> This document recommends that the MD2 hash algorithm be moved to historic status and gives >> the rationale for doing this. The reasons are mainly security-related, given that the algorithm >> has been shown not to be collision-free and is vulnerable to pre-image attacks. Performance is also an >> issue. The impact is minimal, given that support for MD2 in the standards that refer to it is either optional or >> discouraged. >> >> I have no problems with the decision or rationale. I agree, as I am sure that everyone else does, the MD2 >> should be retired. >> >> I do have one minor recommendation though about the rationale: in section 2 (the Rationale section), >> you say that MD2 has been shown to not be collision-free and is vulnerable to pre-image attacks. The Rationale >> appears to give both these concerns equal value. But in Section 6 (Security Considerations), you say >> that the most successful collision attacks against MD2 are not significantly better than the birthday attack, >> and the real security problems with MD2 have to do with its vulnerability to pre-image attacks. It seems to me that >> this reasoning should be reflected in the Rationale. >> >> >> Catherine Meadows >> Naval Research Laboratory >> Code 5543 >> 4555 Overlook Ave., S.W. >> Washington DC, 20375 >> phone: 202-767-3490 >> fax: 202-404-7942 >> email: catherine.meadows@nrl.navy.mil >> >> _______________________________________________ >> secdir mailing list >> secdir@ietf.org >> https://www.ietf.org/mailman/listinfo/secdir >> Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-turner-md2-to-his… Catherine Meadows
- Re: [secdir] Secdir review of draft-turner-md2-to… Sean Turner
- Re: [secdir] Secdir review of draft-turner-md2-to… Catherine Meadows
- Re: [secdir] Secdir review of draft-turner-md2-to… Sean Turner