Re: [secdir] Secdir review of draft-turner-md2-to-historic-05

Catherine Meadows <catherine.meadows@nrl.navy.mil> Mon, 18 October 2010 19:09 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE2CF3A6D0B; Mon, 18 Oct 2010 12:09:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.762
X-Spam-Level:
X-Spam-Status: No, score=-1.762 tagged_above=-999 required=5 tests=[AWL=0.836, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h6E3s65oUls0; Mon, 18 Oct 2010 12:09:44 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by core3.amsl.com (Postfix) with ESMTP id 4C78C3A6B8F; Mon, 18 Oct 2010 12:09:43 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.8/8.13.6) with ESMTP id o9IJBCrb006829; Mon, 18 Oct 2010 15:11:12 -0400 (EDT)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id o9IJB5iB010158; Mon, 18 Oct 2010 15:11:10 -0400 (EDT)
Received: from siduri.fw5540.net ([10.0.3.73]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2010101815110906141 ; Mon, 18 Oct 2010 15:11:09 -0400
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: multipart/alternative; boundary=Apple-Mail-5--115476741
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
In-Reply-To: <4CBC99E0.2080204@ieca.com>
Date: Mon, 18 Oct 2010 15:16:08 -0400
Message-Id: <9D18C25E-888A-4807-A983-D0BC208224EB@nrl.navy.mil>
References: <864DCF6A-A192-41F6-9A46-04D6AC64DC06@nrl.navy.mil> <4CBC99E0.2080204@ieca.com>
To: Sean Turner <turners@ieca.com>
X-Mailer: Apple Mail (2.1081)
Cc: draft-turner-md2-to-historic.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-turner-md2-to-historic-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2010 19:09:46 -0000

Sean,

Yes, this looks much better, although I think that for

Since its publication, MD2 has been shown to not be collision-free
[ROCH1995][KNMA2005][ROCH1997], albeit successful pre-image attacks
for properly implement MD2 are not that damaging. 

what you really meant to say was

Since its publication, MD2 has been shown to not be collision-free
[ROCH1995][KNMA2005][ROCH1997], albeit successful collision  attacks
for properly implemented MD2 are not that damaging. 

Is that correct?

Cathy

On Oct 18, 2010, at 3:02 PM, Sean Turner wrote:

> Catherine,
> 
> Thanks for your review.
> 
> How about I make the following two changes:
> 
> 1) In Section 1, add something to provide a better characterization of the collision-resistance:
> 
> OLD:
> 
> Since its publication, MD2 has been shown to not be collision-free
> [ROCH1995][KNMA2005][ROCH1997] and shown to have successful
> pre-image attacks [KNMA2005][MULL2004][KMM2010].
> 
> NEW:
> 
> Since its publication, MD2 has been shown to not be collision-free
> [ROCH1995][KNMA2005][ROCH1997], albeit successful pre-image attacks
> for properly implement MD2 are not that damaging. MD2 has also been
> shown to have successful pre-image and second-preimage attacks
> [KNMA2005[MULL2004][KMM2010].
> 
> 2) In section 6, align the last sentence of the second paragraph and the 1st sentence of paragraph 3:
> 
> OLD:
> 
> .., which is not significantly better than the birthday attack.
> 
> Even though collision attacks on MD2 are not more powerful than
> the  birthday attack, MD2 was found not to be one-way...
> 
> NEW:
> 
> .., which is not significantly better than the birthday attack.
> 
> Even though collision attacks on MD2 are not significantly more
> powerful than the birthday attack, MD2 was found not to be
> one-way...
> 
> spt
> 
> On 10/16/10 2:36 PM, Catherine Meadows wrote:
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG.  These comments were written primarily for the benefit of the
>> security area directors.  Document editors and WG chairs should treat
>> these comments just like any other last call comments.
>> 
>> 
>> This document recommends that the MD2 hash algorithm be moved to historic status and gives
>> the rationale for doing this.  The reasons are mainly security-related, given that the algorithm
>> has been shown not to be collision-free and is vulnerable to pre-image attacks.  Performance is also an
>> issue.  The impact is minimal, given that support for MD2 in the standards that refer to it is either optional or
>> discouraged.
>> 
>> I have no problems with the decision or rationale.  I agree, as I am sure that everyone else does, the MD2
>> should be retired.
>> 
>> I do have one minor recommendation though about the rationale: in section 2 (the Rationale section),
>> you say that MD2 has been shown to not be collision-free and is vulnerable to pre-image attacks.  The Rationale
>> appears to give both these concerns equal value. But in Section 6 (Security Considerations), you say
>> that the most successful collision attacks against MD2 are not significantly better than the birthday attack,
>> and the real security problems with MD2 have to do with its vulnerability to pre-image attacks.  It seems to me that
>> this reasoning should be reflected in the Rationale.
>> 
>> 
>> Catherine Meadows
>> Naval Research Laboratory
>> Code 5543
>> 4555 Overlook Ave., S.W.
>> Washington DC, 20375
>> phone: 202-767-3490
>> fax: 202-404-7942
>> email: catherine.meadows@nrl.navy.mil
>> 
>> _______________________________________________
>> secdir mailing list
>> secdir@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdir
>> 

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil