Re: [vwrap] authentication : remove reference to MD5

Richard Barnes <rbarnes@bbn.com> Tue, 06 April 2010 18:07 UTC

To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: vwrap@ietf.org

>> okay.
>>
>> if we're going to remove VWRAP from all current implementations,
>
> What does that mean? I thought we were trying to build VWRAP into
> implementations, not rip it out. :)

Right, I think the right approach is to think about adding a "VWRAP
compatibility layer" to existing implementations, and keeping that
layer as simple as possible (but no simpler!).

That raises the question of where changing hashes falls w.r.t.
simplicity.  It might seem like you would want to keep MD5 so that the
compatibility layer wouldn't have to re-hash things.  However, it
already seems like there's going to be a need for the compatibility
layer to translate names, which will (presumably) break signatures
already.  So since there's already a need to re-hash, it's not a big
deal to re-hash with a different hash function.

--Richard




>> I vote we remove MD5 from the auth spec and replace it with a MIC with
>> better security properties, like SHA224 or SHA256.
>
> +1 to more secure authentication.
>
> My quick reading of the authentication draft led me to think that it
> needed a thorough review, but unfortunately I haven't had time to do
> that yet.
>
> Peter
>
> -- 
> Peter Saint-Andre
> https://stpeter.im/