Re: [secdir] secdir review of draft-ietf-ancp-mc-extensions-14

Tom Taylor <tom.taylor.stds@gmail.com> Fri, 24 January 2014 11:56 UTC

To: Ben Laurie <benl@google.com>, "Roberta Maglione (robmgl)" <robmgl@cisco.com>
Cc: "draft-ietf-ancp-mc-extensions.all@tools.ietf.org" <draft-ietf-ancp-mc-extensions.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

Based on a totally separate discussion (in 6man), it would be preferable 
not to mention MD-5 in a new IETF document.

Tom Taylor

On 24/01/2014 6:25 AM, Ben Laurie wrote:
> On 24 January 2014 00:43, Roberta Maglione (robmgl) <robmgl@cisco.com> wrote:
>> Tom,
>>
>> Regarding this point:
>>> [PTT] I can add references to Diameter security (with which I am
>>> familiar) and RADIUS security (which I gather is being worked on)?
>>> Roberta, can you help with the latter?
>>
>> I'm not very familiar with security, but as far as I know RADIUS security is based on the MD5 algorithm, which has been proven to be insecure.
>
> Whilst it is generally a good idea to retire MD5, it hasn't actually
> been proved insecure for the use RADIUS makes of it.
>
>> In order to overcome this issue "Transport Layer Security (TLS) Encryption for RADIUS" has been specified in RFC 6614, I think we should add a reference to this RFC.
>> I'm cc-ing Klaas who is one of the authors of this RFC in order to get his feedback too.
>>
>> Thanks
>> Regards
>> Roberta
>>
>> -----Original Message-----
>> From: Tom Taylor [mailto:tom.taylor.stds@gmail.com]
>> Sent: Thursday, January 23, 2014 7:19 PM
>> To: Zhangdacheng (Dacheng); iesg@ietf.org; secdir@ietf.org; draft-ietf-ancp-mc-extensions.all@tools.ietf.org
>> Subject: Re: [spam] [secdir] secdir review of draft-ietf-ancp-mc-extensions-14
>>
>> Again, thank you for the work you put into this review. Responses marked with [PTT].
>>
>> On 22/01/2014 1:47 AM, Zhangdacheng (Dacheng) wrote:
>>> Hello:
>>>
>>>
...