IETF Logo Mail Archive

Re: [smime] [saag] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]

"Santosh Chokhani" <SChokhani@cygnacom.com> Wed, 07 July 2010 17:17 UTC

Return-Path: <SChokhani@cygnacom.com>
X-Original-To: smime@core3.amsl.com
Delivered-To: smime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 478F63A6887; Wed, 7 Jul 2010 10:17:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oq7sQU1v2YKU; Wed, 7 Jul 2010 10:17:15 -0700 (PDT)
Received: from mail166.messagelabs.com (mail166.messagelabs.com [216.82.253.163]) by core3.amsl.com (Postfix) with SMTP id 4462B3A685B; Wed, 7 Jul 2010 10:17:14 -0700 (PDT)
X-VirusChecked: Checked
X-Env-Sender: SChokhani@cygnacom.com
X-Msg-Ref: server-3.tower-166.messagelabs.com!1278523034!27516574!1
X-StarScan-Version: 6.2.4; banners=-,-,-
X-Originating-IP: [65.242.48.25]
Received: (qmail 12968 invoked from network); 7 Jul 2010 17:17:15 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (65.242.48.25) by server-3.tower-166.messagelabs.com with SMTP; 7 Jul 2010 17:17:15 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 07 Jul 2010 13:17:14 -0400
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D4801060605@scygexch1.cygnacom.com>
In-Reply-To: <4C335C75.7070508@ieca.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [saag] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]
Thread-Index: AcsdKfgzqsB/uxx1TUS1IAJUwQMjagArsSqw
References: <4C10E308.9060503@ieca.com> <4C335C75.7070508@ieca.com>
From: Santosh Chokhani <SChokhani@cygnacom.com>
To: Sean Turner <turners@ieca.com>, saag@ietf.org, smime@ietf.org, pkix@ietf.org, cfrg@irtf.org
Subject: Re: [smime] [saag] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/smime>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jul 2010 17:17:17 -0000

Sean,

It may be worth discussing DSSC (RFC 5698) from LTANS WG that provides a
capability to specify suitable crypto algorithms.

> -----Original Message-----
> From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf
Of
> Sean Turner
> Sent: Tuesday, July 06, 2010 12:40 PM
> To: saag@ietf.org; smime@ietf.org; pkix@ietf.org; cfrg@irtf.org
> Subject: Re: [saag] [Fwd: I-D ACTION:draft-turner-md2-to-historic-
> 00.txt]
> 
> To summarize the comments I received on this I-D:
> 
> 1) Finally!
> 
> 2) Is there any precedent with moving informational to historic.
> 
> Russ suggested I ask Scott Bradner what he thought about this.  His
> response (repeated here with permission):
> 
> "1/ my personal view is that historic should be only used for
>   cases where we want to say 'do not use'
> 
>   2/ seems like a reasonable thing to do in this case
> 
>   fwiw, I have always felt that it is important to document
>   any such move that is done for a real reason (not just because
>   people think it is not used) with a RFC"
> 
> I'd consider this support for moving informational RFCs to historic.
> 
> 3) Why target MD2?
> 
> This was really a trial balloon.  I'm planning on doing something with
> MD4 and MD5 too ;)
> 
> 4) It's better to have a security algorithms roadmap.
> 
> I tend to agree, but I thought I was shooting for the low hanging
> fruit.
> 
> 5) Remove keywords and delete obsolete references.
> 
> Anything to track less references is a good thing!
> 
> 6) Do an updates document instead, because there might still be other
> uses for MD2/MD4/MD5 that don't require collision resistance (e.g.,
> HMAC).
> 
> I'd like to treat MD2/MD4/MD5 the same, but some HMAC uses are
> probably still okay for a little while (at least that what's I'm
> turning up through research). But, I can't really see us saying that
> HAMC-MD2 and HMAC-MD4 are okay to keep using in the mid/long term.  I
> think we ought to be saying "jump off the sinking ship now" because it
> takes a while for crypto to go away just like it does to get fielded.
>   Luckily, there are only a few places where HMAC-MD2 or HMAC-MD4 are
> specified.  MD5/HMAC-MD5 is another story.  I like the idea of just
> updating MD5's security considerations to say don't use MD5 if you
> need collision resistance and that it is (or is probably) okay for
> HMAC.
> 
> I updated the md2-to-historic I-D
> (http://datatracker.ietf.org/doc/draft-turner-md2-to-historic/) to
> actually talk about attacks against MD2 and submitted a similar draft
> for MD4 (http://datatracker.ietf.org/doc/draft-turner-md4-to-
> historic/).
>   I also submitted one that updates the MD5 security considerations
> (http://datatracker.ietf.org/doc/draft-turner-md5-seccon-update/).
> Comments on all are welcome.
> 
> spt
> 
> Sean Turner wrote:
> > (apologies if you get this multiple times)
> >
> > I'm looking for feedback on this draft that proposes moving MD2 to
> > historic status.
> >
> > Thanks,
> >
> > spt
> >
> >
---------------------------------------------------------------------
> ---
> >
> > Subject:
> > I-D ACTION:draft-turner-md2-to-historic-00.txt
> > From:
> > Internet-Drafts@ietf.org
> > Date:
> > Wed, 9 Jun 2010 15:00:02 -0700 (PDT)
> > To:
> > i-d-announce@ietf.org
> >
> > To:
> > i-d-announce@ietf.org
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> >
> >
> > 	Title		: MD2 to Historic Status
> > 	Author(s)	: S. Turner
> > 	Filename	: draft-turner-md2-to-historic-00.txt
> > 	Pages		: 6
> > 	Date		: 2010-6-8
> >
> >    This document recommends the retirement of MD2 and discusses the
> >    reasons for doing so.  This document recommends RFC 1319 be moved
> to
> >    Historic status.
> >
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-turner-md2-to-historic-
> 00.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > Below is the data which will enable a MIME compliant mail reader
> > implementation to automatically retrieve the ASCII version of the
> > Internet-Draft.
> >
> >
> >
---------------------------------------------------------------------
> ---
> >
> > _______________________________________________
> > I-D-Announce mailing list
> > I-D-Announce@ietf.org
> > https://www.ietf.org/mailman/listinfo/i-d-announce
> > Internet-Draft directories: http://www.ietf.org/shadow.html
> > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email