Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt
"Olle E. Johansson" <oej@edvina.net> Fri, 01 November 2019 07:26 UTC
Return-Path: <oej@edvina.net>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97B401200FA for <sipcore@ietfa.amsl.com>; Fri, 1 Nov 2019 00:26:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oiN_NFhfqXyL for <sipcore@ietfa.amsl.com>; Fri, 1 Nov 2019 00:26:32 -0700 (PDT)
Received: from smtp7.webway.se (smtp7.webway.se [212.3.14.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38A8F12009E for <sipcore@ietf.org>; Fri, 1 Nov 2019 00:26:31 -0700 (PDT)
Received: from [192.168.1.170] (194-161-217-66.ip.assaabloy.com [194.161.217.66]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp7.webway.se (Postfix) with ESMTPSA id C8DB218F0; Fri, 1 Nov 2019 08:26:27 +0100 (CET)
From: "Olle E. Johansson" <oej@edvina.net>
Message-Id: <787C4342-330A-435F-A350-2237B442CA2B@edvina.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_840A1D35-7148-4C24-A29A-C02F85B16103"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Fri, 01 Nov 2019 08:26:26 +0100
In-Reply-To: <413a75e5-7aa9-9940-70d2-2aa4596f78f8@alum.mit.edu>
Cc: Olle E Johansson <oej@edvina.net>, sipcore@ietf.org
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
References: <157252797201.30364.11393682991189471576@ietfa.amsl.com> <CAH7qZftz8dE0Jm8Mg8gYseqPxtn40jywUuf_6AaFTPJV_g=aqw@mail.gmail.com> <413a75e5-7aa9-9940-70d2-2aa4596f78f8@alum.mit.edu>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/1CHkmvARh0kcdknhaiPUq9rIwGI>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 07:26:35 -0000
> On 31 Oct 2019, at 22:55, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote: > > On 10/31/19 1:37 PM, Maxim Sobolev wrote: >> Hi, I am new here, so not sure what the proper process is, but there are few comments I have with regards to the proposed RFC: >> 1. In the Abstract section there is a phrase "the broken MD5 algorithm". I think "broken" might be a bit strong and emotionally charged. There is nothing broken about MD5 as far as hashing algorithm is concerned. It is proven to be not very secure in this day and age, but given the right amount of time any today's algorithm would probably be in that category. > > This is a good point. MD5 is simply obsolete, not broken. > You may add a reference to https://tools.ietf.org/html/rfc6151 "The published attacks against MD5 show that it is not prudent to use MD5 when collision resistance is required." "The attacks presented in [KLIM2006 <https://tools.ietf.org/html/rfc6151#ref-KLIM2006>] can find MD5 collision in about one minute on a standard notebook PC (Intel Pentium, 1.6GHz). [STEV2007 <https://tools.ietf.org/html/rfc6151#ref-STEV2007>] claims that it takes 10 seconds or less on a 2.6Ghz Pentium4 to find collisions. " In essence, it’s not broken, but quite open for succesful attacks. /O
- [sipcore] I-D Action: draft-ietf-sipcore-digest-s… internet-drafts
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Maxim Sobolev
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Christer Holmberg
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Paul Kyzivat
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Rifaat Shekh-Yusef
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Olle E. Johansson