IETF Logo Mail Archive

Re: [secdir] Secdir review of draft-ietf-ospf-auth-trailer-ospfv3-08

Sam Hartman <hartmans-ietf@mit.edu> Sat, 29 October 2011 19:42 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21B0E21F869E; Sat, 29 Oct 2011 12:42:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.972
X-Spam-Level:
X-Spam-Status: No, score=-102.972 tagged_above=-999 required=5 tests=[AWL=-0.707, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jclCansO5+Sm; Sat, 29 Oct 2011 12:42:16 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id B2CB521F8696; Sat, 29 Oct 2011 12:42:16 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id E660020177; Sat, 29 Oct 2011 15:43:14 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id F3092435A; Sat, 29 Oct 2011 15:42:11 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
References: <4EAB88B8.80800@bbn.com> <7C362EEF9C7896468B36C9B79200D8350D00FD4E02@INBANSXCHMBSA1.in.alcatel-lucent.com>
Date: Sat, 29 Oct 2011 15:42:11 -0400
In-Reply-To: <7C362EEF9C7896468B36C9B79200D8350D00FD4E02@INBANSXCHMBSA1.in.alcatel-lucent.com> (Manav Bhatia's message of "Sat, 29 Oct 2011 14:54:55 +0530")
Message-ID: <tslk47n4mb0.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: "draft-ietf-ospf-auth-trailer-ospfv3.all@tools.ietf.org" <draft-ietf-ospf-auth-trailer-ospfv3.all@tools.ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-ospf-auth-trailer-ospfv3-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2011 19:42:17 -0000

Hi.  The rationale behind the IANA registry is to avoid related protocol
attacks.  The intent is to have a registry for protocols (there are a
number in the routing area) that use similar layouts for authentication
information to avoid related protocol attacks when the same key is used
cross-protocol.el :So, anything sufficiently similar to this needs to be
registered.  I think the registry is the result of a fairly tight
compromise already and I would not recommend re-opening that discussion.
I'd be delighted if you want to propose better names for the registry or
the initial registration; I suspect we're not tied to those.

I do not support removing the key-strength indication.  Realistically I
think this application probably does require at least 64-bits of
security (assuming there are no hash collision issues, which would
double the security requirement). I don't actively support reducing the
key strength requirement below 128-bits, but I'm not opposed if someone
really wants to do that. Note that a 16-character password does not meet
the current requirement: passwords are typically not random drown from
the set of all binary values of a given size.

v2.23.0 | Report a Bug | By Email