[secdir] Secdir review of draft-turner-md4-to-historic-08
Catherine Meadows <catherine.meadows@nrl.navy.mil> Fri, 03 December 2010 22:36 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 921BF3A69B8; Fri, 3 Dec 2010 14:36:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rQuAucX90naF; Fri, 3 Dec 2010 14:36:40 -0800 (PST)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by core3.amsl.com (Postfix) with ESMTP id A472F3A6452; Fri, 3 Dec 2010 14:36:31 -0800 (PST)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.8/8.13.6) with ESMTP id oB3MbYw9005948; Fri, 3 Dec 2010 17:37:35 -0500 (EST)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id oB3MbWtP023008; Fri, 3 Dec 2010 17:37:32 -0500 (EST)
Received: (from [IPv6:::1] [10.0.0.13]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2010120317373102830 ; Fri, 03 Dec 2010 17:37:32 -0500
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Apple Message framework v1082)
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Date: Fri, 03 Dec 2010 17:37:31 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B1C3F0B-07B7-4B48-A2BA-9E8719A49CF9@nrl.navy.mil>
To: iesg@ietf.org, secdir@ietf.org
X-Mailer: Apple Mail (2.1082)
Subject: [secdir] Secdir review of draft-turner-md4-to-historic-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Dec 2010 22:36:43 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document recommends that the MD4 hash algorithm be retired and moved to historic status and gives the rationale for doing this, namely its known vulnerability to collision and pre-image attacks. The impact is mostly minimal, except for three Microsoft RFCs that are still supported in various versions of Windows and the RADIUS and EAP RFCs . It would be helpful to learn what other algorithms these OSs and RFCs support. This would give a better idea of the effect of dropping MD4; if there are other alternatives supported by the OS's the impact should be minimal here as well. Other than that, I have no problems with the decision or rationale. I agree, as I am sure that everyone else does, that MD4 should be retired. Some nits: 1. "Section 6 also discussed" should be "Section 6 also discusses" This occurs in several places. 2. " The RC4-HMAC is supported in Microsoft's Windows 2000 and later for backwards compatibility with Windows 2000. " later supported by what? I assume later versions of Windows, but it is probably a good idea to make this clear. 3. When you say that with one exception the impact of retiring MD4 would be minimal, it would be a good idea to mention that exception upfront. It is fairly clear after you read the whole impact section that the exception is the Microsoft RFCs, but nowhere where is that said explicitly. 4. I'm not sure wether or not the discussion of MD4's resistance against key recovery attack really belongs in the impacts section (in the discussion of RC4-HMAC). It might give the impression that RC4-HMAC is secure against key recovery, and, given the other attacks found against MD4, it is reasonable to believe that this security is only temporary. I would suggest putting this discussion in the security considerations section, and also, wherever it does end up, adding the appropriate caveats. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-turner-md4-to-his… Catherine Meadows
- Re: [secdir] Secdir review of draft-turner-md4-to… Sean Turner
- Re: [secdir] Secdir review of draft-turner-md4-to… Catherine Meadows
- Re: [secdir] Secdir review of draft-turner-md4-to… Sean Turner