[secdir] Secdir review of draft-turner-md2-to-historic-05

Catherine Meadows <catherine.meadows@nrl.navy.mil> Sat, 16 October 2010 18:35 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 4B7C43A6AC1; Sat, 16 Oct 2010 11:35:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.484
X-Spam-Status: No, score=-1.484 tagged_above=-999 required=5 tests=[AWL=1.115, BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id J9kj7nS9FqB6; Sat, 16 Oct 2010 11:35:26 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil []) by core3.amsl.com (Postfix) with ESMTP id E52333A6A28; Sat, 16 Oct 2010 11:35:21 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net []) by fw5540.nrl.navy.mil (8.13.8/8.13.6) with ESMTP id o9GIad1l006995; Sat, 16 Oct 2010 14:36:40 -0400 (EDT)
Received: from chacs.nrl.navy.mil (sun1 []) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id o9GIaZUp020612; Sat, 16 Oct 2010 14:36:35 -0400 (EDT)
Received: (from [IPv6:::1] []) by chacs.nrl.navy.mil (SMSSMTP with SMTP id M2010101614363404303 ; Sat, 16 Oct 2010 14:36:34 -0400
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 16 Oct 2010 14:36:34 -0400
Message-Id: <864DCF6A-A192-41F6-9A46-04D6AC64DC06@nrl.navy.mil>
To: iesg@ietf.org, secdir@ietf.org
Mime-Version: 1.0 (Apple Message framework v1081)
X-Mailer: Apple Mail (2.1081)
Cc: draft-turner-md2-to-historic.all@tools.ietf.org
Subject: [secdir] Secdir review of draft-turner-md2-to-historic-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Oct 2010 18:35:28 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document recommends that the MD2 hash algorithm be moved to historic status and gives
the rationale for doing this.  The reasons are mainly security-related, given that the algorithm
has been shown not to be collision-free and is vulnerable to pre-image attacks.  Performance is also an
issue.  The impact is minimal, given that support for MD2 in the standards that refer to it is either optional or

I have no problems with the decision or rationale.  I agree, as I am sure that everyone else does, the MD2
should be retired.  

I do have one minor recommendation though about the rationale: in section 2 (the Rationale section),
you say that MD2 has been shown to not be collision-free and is vulnerable to pre-image attacks.  The Rationale
appears to give both these concerns equal value. But in Section 6 (Security Considerations), you say
that the most successful collision attacks against MD2 are not significantly better than the birthday attack,
and the real security problems with MD2 have to do with its vulnerability to pre-image attacks.  It seems to me that
this reasoning should be reflected in the Rationale.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil