[Fwd: Re: draft-dbider-sha2-mac-for-ssh-03]

Jeffrey Hutzelman <jhutz@cmu.edu> Mon, 23 January 2012 20:51 UTC

Subject: [Fwd: Re: draft-dbider-sha2-mac-for-ssh-03]
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: ietf-ssh <ietf-ssh@NetBSD.org>
Cc: jhutz@cmu.edu
Date: Mon, 23 Jan 2012 14:32:08 -0500
Message-ID: <1327347128.2185.209.camel@minbar.fac.cs.cmu.edu>

-------- Forwarded Message --------
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Mark D. Baushke <mdb@juniper.net>
Cc: jhutz@cmu.edu, Sean Turner <turners@ieca.com>, denis bider (Bitvise)
<ietf-ssh2@denisbider.com>, Stephen Hanna <shanna@juniper.net>
Subject: Re: draft-dbider-sha2-mac-for-ssh-03
Date: Mon, 23 Jan 2012 12:14:38 -0500

On Fri, 2012-01-20 at 12:35 -0500, Jeffrey Hutzelman wrote:
> "Mark D. Baushke" <mdb@juniper.net> wrote:
> 
> >fwiw: I have not yet seen the Shepherd write-up.
> >
> >If I have missed a step in the process which I need to do, please do
> >let me know.
> >
> >	-- Mark
> 
> No; I've been lame, and then busy putting out fires.  I'll do something today.

I have a writeup ready to go, but I also have a few comments.  FWIW, the
work you did in -03 to get this ready for publication eliminated the
need for a fairly lengthy list of comments.  Thank you.

-- Jeff

Abstract:
  An abstract is not part of the document it describes, and must stand
  entirely on its own.  As such, it can mention other documents by name
  or RFC number when appropriate, but should not contain references.
  So, please remove the extra [RFC4253] at the end.

  Since this document updates RFC4253 by adding a new RECOMMENDED data
  integrity algorithm, the abstract must say so explicitly.  I suggest
  removing the second paragraph of the abstract and instead adding the
  following sentence to the first paragraph:

  "It also updates RFC4253 by specifying a new RECOMMENDED data
   integrity algorithm."

  Note that the complete list of algorithm names is kept in an IANA
  registry, and merely adding to that list does not constitute an update
  to RFC4253.  However, making one of those RECOMMENDED does.


Section 1:
  s/SSH [RFC4251]/Secure Shell (SSH) [RFC4251]/
  "SSH" must be expanded on first use; the expansion in the abstract
  doesn't count for the body of the document.

Section 2:
  Remind me why the truncated versions are still there?

Section 4:
  "The current attacks on HMAC-SHA1 do not yet seem to indicate a
   practical vulnerability when used as a message authentication code."

  I'm not sure what you're really trying to say here.  I think you're
  talking about current attacks on _SHA1_, not _HMAC-SHA1_, which are
  mitigated when SHA1 is used in an HMAC (though it is the construction,
  not the usage, that is relevant).  In any case, this document defines
  algorithm IDs for SHA2, not SHA1, so I'm not sure how this statement
  is relevant.

References:
  References to RFC2104 and FIPS-180-3 are both normative.
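As an added illustration (not part of this message or of the draft), the following shows the RFC 2104 HMAC construction that the Section 4 comment refers to, applied the way RFC 4253 applies a MAC to an SSH packet (over sequence_number || unencrypted_packet). The "-96" algorithm names are assumed to be the truncated variants the Section 2 comment asks about, and the sample packet bytes are constructed.

```python
import hashlib
import hmac
import struct

# name -> (hash constructor, hash block size B from RFC 2104, MAC output length).
# The -96 entries are an assumption: truncated variants that output 96 bits.
ALGORITHMS = {
    "hmac-sha2-256": (hashlib.sha256, 64, 32),
    "hmac-sha2-512": (hashlib.sha512, 128, 64),
    "hmac-sha2-256-96": (hashlib.sha256, 64, 12),
    "hmac-sha2-512-96": (hashlib.sha512, 128, 12),
}


def hmac_rfc2104(alg, key, msg):
    """HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)), as in RFC 2104.

    The attacker never sees the raw hash of a chosen message, only the
    keyed outer hash, which is why plain collision attacks on the hash
    function do not carry over directly to its HMAC.
    """
    hash_ctor, block_size, _ = ALGORITHMS[alg]
    if len(key) > block_size:          # long keys are hashed down first
        key = hash_ctor(key).digest()
    key = key.ljust(block_size, b"\x00")  # then zero-padded to B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_ctor(ipad + msg).digest()
    return hash_ctor(opad + inner).digest()


def ssh_mac(alg, key, seq, packet):
    """RFC 4253 6.4: mac = MAC(key, sequence_number || unencrypted_packet).

    sequence_number is an implicit uint32 (big-endian) starting at zero;
    truncated variants keep only the leading bytes of the HMAC output.
    """
    out_len = ALGORITHMS[alg][2]
    return hmac_rfc2104(alg, key, struct.pack(">I", seq) + packet)[:out_len]


def ssh_mac_verify(alg, key, seq, packet, tag):
    """Constant-time comparison of a received tag against a recomputed one."""
    return hmac.compare_digest(ssh_mac(alg, key, seq, packet), tag)


def matches_stdlib(alg, key, seq, packet):
    """Cross-check the hand-written HMAC against Python's hmac module."""
    hash_ctor, _, out_len = ALGORITHMS[alg]
    ref = hmac.new(key, struct.pack(">I", seq) + packet, hash_ctor).digest()
    return ssh_mac(alg, key, seq, packet) == ref[:out_len]


# Constructed sample: an integrity key and a small unencrypted packet.
SAMPLE_KEY = bytes(range(32))
SAMPLE_PACKET = b"\x00\x00\x00\x0c\x0a\x02\x00\x00" + b"\x00" * 10
```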