Re: [secdir] Secdir review of draft-ietf-ospf-auth-trailer-ospfv3-08
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 29 October 2011 21:48 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5F2921F862F; Sat, 29 Oct 2011 14:48:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.449
X-Spam-Level:
X-Spam-Status: No, score=-102.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z0zHpeE7q8pI; Sat, 29 Oct 2011 14:48:27 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id A950F21F85FF; Sat, 29 Oct 2011 14:48:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 1FE4915358F; Sat, 29 Oct 2011 22:48:26 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h=date :subject:from:x-mailer:message-id:content-type :content-transfer-encoding:mime-version:in-reply-to:references :received:received:x-virus-scanned; s=cs; t=1319924905; bh=uzWFR cHyYYzjqeF9x8ire98uQEecipF9YS11NlhINZE=; b=ofvVJ4oxznuVJvWd1Us7v meoH6XPMhdKfpXuFCnGgtRhTMPWdCT5XnzMUh/BEPATEbp0u2r2L0bJt8frPk+yN qXKbnycXI8zXOeIFB6z3Hb4o0KhU6ellO8aFMwj46ET7ovx55KHN9DEF20trBvxY rrB03JNxUVYMcH44ohEDkw6LdnyuwgUBQ3P1wbmEqHLxy3Q8gJovUyne6x7iiqtg 9ViaT7oXmHu9cx5E/W2FNTCK4iuDdSouytU4q0pdJJ80t3oFurGq3O0y9kjyN2Lf k9JYhc0rev9jJcdsLZltBqyYwSTwxEFdPxeqfH9EJUW7+2zmawyStYoRFpSyDVWx A==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id yD1R9re4NfTQ; Sat, 29 Oct 2011 22:48:25 +0100 (IST)
Received: from [10.87.48.5] (unknown [86.41.5.169]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 2115015358E; Sat, 29 Oct 2011 22:48:19 +0100 (IST)
References: <4EAB88B8.80800@bbn.com> <7C362EEF9C7896468B36C9B79200D8350D00FD4E02@INBANSXCHMBSA1.in.alcatel-lucent.com> <tslk47n4mb0.fsf@mit.edu>
In-Reply-To: <tslk47n4mb0.fsf@mit.edu>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Message-Id: <68A26CD8-134D-4B39-B812-2D286582F35F@cs.tcd.ie>
X-Mailer: iPhone Mail (9A334)
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 29 Oct 2011 22:48:17 +0100
To: Sam Hartman <hartmans-ietf@mit.edu>
Cc: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>, "draft-ietf-ospf-auth-trailer-ospfv3.all@tools.ietf.org" <draft-ietf-ospf-auth-trailer-ospfv3.all@tools.ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-ospf-auth-trailer-ospfv3-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2011 21:48:28 -0000
+1 to what Sam said, S On 29 Oct 2011, at 20:42, Sam Hartman <hartmans-ietf@mit.edu> wrote: > Hi. The rationale behind the IANA registry is to avoid related protocol > attacks. The intent is to have a registry for protocols (there are a > number in the routing area) that use similar layouts for authentication > information to avoid related protocol attacks when the same key is used > cross-protocol.el :So, anything sufficiently similar to this needs to be > registered. I think the registry is the result of a fairly tight > compromise already and I would not recommend re-opening that discussion. > I'd be delighted if you want to propose better names for the registry or > the initial registration; I suspect we're not tied to those. > > I do not support removing the key-strength indication. Realistically I > think this application probably does require at least 64-bits of > security (assuming there are no hash collision issues, which would > double the security requirement). I don't actively support reducing the > key strength requirement below 128-bits, but I'm not opposed if someone > really wants to do that. Note that a 16-character password does not meet > the current requirement: passwords are typically not random drown from > the set of all binary values of a given size.
- [secdir] Secdir review of draft-ietf-ospf-auth-tr… Matt Lepinski
- Re: [secdir] Secdir review of draft-ietf-ospf-aut… Bhatia, Manav (Manav)
- Re: [secdir] Secdir review of draft-ietf-ospf-aut… Sam Hartman
- Re: [secdir] Secdir review of draft-ietf-ospf-aut… Stephen Farrell
- Re: [secdir] Secdir review of draft-ietf-ospf-aut… Matt Lepinski
- Re: [secdir] Secdir review of draft-ietf-ospf-aut… Acee Lindem