Re: [secdir] Secdir review of draft-turner-md2-to-historic-05
Sean Turner <turners@ieca.com> Mon, 18 October 2010 19:25 UTC
Return-Path: <turners@ieca.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D33A23A6E57 for <secdir@core3.amsl.com>; Mon, 18 Oct 2010 12:25:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.523
X-Spam-Level:
X-Spam-Status: No, score=-102.523 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v6MFYgP93eiw for <secdir@core3.amsl.com>; Mon, 18 Oct 2010 12:25:26 -0700 (PDT)
Received: from smtp113.biz.mail.mud.yahoo.com (smtp113.biz.mail.mud.yahoo.com [209.191.68.78]) by core3.amsl.com (Postfix) with SMTP id 9ABAF3A6E51 for <secdir@ietf.org>; Mon, 18 Oct 2010 12:25:26 -0700 (PDT)
Received: (qmail 88913 invoked from network); 18 Oct 2010 19:26:47 -0000
Received: from thunderfish.local (turners@96.231.118.186 with plain) by smtp113.biz.mail.mud.yahoo.com with SMTP; 18 Oct 2010 12:26:46 -0700 PDT
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: GIO9YDQVM1m6Bu2Solm9p2T.7D9JJBXuuVSlPgqIyAqU.US LFkW1g76yUvk__ujLcJ0VMe6ZOqcxPiDJpnGKv0TycbjhbvTsQM.CqIx6.Cj EVCdcZSTRH1RHa_J4J_Q7iey_zenm28irokN9rh1ZXiFL7QjZcCaRcjLASfX 94K3Q.wEVQD_MqbElf6kbFbA48CUNEvpd7psdiUGRCLx.8mGCm.jbKebD_AD eeuNrgCOzZXpRanbXsNpXBNJ_5wlZSCCoXeBb2tdmzUPVkl0Nrzurz7rK7OT fqECMeUboYMzznE811buX7RMaPvJTvdM4WqeTsQ3RgRfJlecvpNj65A--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4CBC9F75.3030407@ieca.com>
Date: Mon, 18 Oct 2010 15:26:45 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.9) Gecko/20100915 Lightning/1.0b2 Thunderbird/3.1.4
MIME-Version: 1.0
To: Catherine Meadows <catherine.meadows@nrl.navy.mil>
References: <864DCF6A-A192-41F6-9A46-04D6AC64DC06@nrl.navy.mil> <4CBC99E0.2080204@ieca.com> <9D18C25E-888A-4807-A983-D0BC208224EB@nrl.navy.mil>
In-Reply-To: <9D18C25E-888A-4807-A983-D0BC208224EB@nrl.navy.mil>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: secdir@ietf.org, draft-turner-md2-to-historic.all@tools.ietf.org, iesg@ietf.org
Subject: Re: [secdir] Secdir review of draft-turner-md2-to-historic-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2010 19:25:26 -0000
drat - yes the albeit phrase should be about the collision attacks not the pre-image attacks. spt On 10/18/10 3:16 PM, Catherine Meadows wrote: > Sean, > > Yes, this looks much better, although I think that for > > Since its publication, MD2 has been shown to not be collision-free > [ROCH1995][KNMA2005][ROCH1997], albeit successful pre-image attacks > for properly implement MD2 are not that damaging. > > what you really meant to say was > > Since its publication, MD2 has been shown to not be collision-free > [ROCH1995][KNMA2005][ROCH1997], albeit successful collision attacks > for properly implemented MD2 are not that damaging. > > Is that correct? > > Cathy > > On Oct 18, 2010, at 3:02 PM, Sean Turner wrote: > >> Catherine, >> >> Thanks for your review. >> >> How about I make the following two changes: >> >> 1) In Section 1, add something to provide a better characterization >> of the collision-resistance: >> >> OLD: >> >> Since its publication, MD2 has been shown to not be collision-free >> [ROCH1995][KNMA2005][ROCH1997] and shown to have successful >> pre-image attacks [KNMA2005][MULL2004][KMM2010]. >> >> NEW: >> >> Since its publication, MD2 has been shown to not be collision-free >> [ROCH1995][KNMA2005][ROCH1997], albeit successful pre-image attacks >> for properly implement MD2 are not that damaging. MD2 has also been >> shown to have successful pre-image and second-preimage attacks >> [KNMA2005[MULL2004][KMM2010]. >> >> 2) In section 6, align the last sentence of the second paragraph and >> the 1st sentence of paragraph 3: >> >> OLD: >> >> .., which is not significantly better than the birthday attack. >> >> Even though collision attacks on MD2 are not more powerful than >> the birthday attack, MD2 was found not to be one-way... >> >> NEW: >> >> .., which is not significantly better than the birthday attack. >> >> Even though collision attacks on MD2 are not significantly more >> powerful than the birthday attack, MD2 was found not to be >> one-way... >> >> spt >> >> On 10/16/10 2:36 PM, Catherine Meadows wrote: >>> I have reviewed this document as part of the security directorate's >>> ongoing effort to review all IETF documents being processed by the >>> IESG. These comments were written primarily for the benefit of the >>> security area directors. Document editors and WG chairs should treat >>> these comments just like any other last call comments. >>> >>> >>> This document recommends that the MD2 hash algorithm be moved to >>> historic status and gives >>> the rationale for doing this. The reasons are mainly >>> security-related, given that the algorithm >>> has been shown not to be collision-free and is vulnerable to >>> pre-image attacks. Performance is also an >>> issue. The impact is minimal, given that support for MD2 in the >>> standards that refer to it is either optional or >>> discouraged. >>> >>> I have no problems with the decision or rationale. I agree, as I am >>> sure that everyone else does, the MD2 >>> should be retired. >>> >>> I do have one minor recommendation though about the rationale: in >>> section 2 (the Rationale section), >>> you say that MD2 has been shown to not be collision-free and is >>> vulnerable to pre-image attacks. The Rationale >>> appears to give both these concerns equal value. But in Section 6 >>> (Security Considerations), you say >>> that the most successful collision attacks against MD2 are not >>> significantly better than the birthday attack, >>> and the real security problems with MD2 have to do with its >>> vulnerability to pre-image attacks. It seems to me that >>> this reasoning should be reflected in the Rationale. >>> >>> >>> Catherine Meadows >>> Naval Research Laboratory >>> Code 5543 >>> 4555 Overlook Ave., S.W. >>> Washington DC, 20375 >>> phone: 202-767-3490 >>> fax: 202-404-7942 >>> email: catherine.meadows@nrl.navy.mil >>> <mailto:catherine.meadows@nrl.navy.mil> >>> >>> _______________________________________________ >>> secdir mailing list >>> secdir@ietf.org <mailto:secdir@ietf.org> >>> https://www.ietf.org/mailman/listinfo/secdir >>> > > Catherine Meadows > Naval Research Laboratory > Code 5543 > 4555 Overlook Ave., S.W. > Washington DC, 20375 > phone: 202-767-3490 > fax: 202-404-7942 > email: catherine.meadows@nrl.navy.mil > <mailto:catherine.meadows@nrl.navy.mil> >
- [secdir] Secdir review of draft-turner-md2-to-his… Catherine Meadows
- Re: [secdir] Secdir review of draft-turner-md2-to… Sean Turner
- Re: [secdir] Secdir review of draft-turner-md2-to… Catherine Meadows
- Re: [secdir] Secdir review of draft-turner-md2-to… Sean Turner