marcelo bagnulo braun wrote:
>
>> Right. Scenarios in which the hash is completely broken are also
>> described, but just for comparison purposes. That is something
>> we were talking about in Philadelphia -- do we have to solve all the
>> attacks or just the attacks which are up to date possible in practice.
>> We decided to mention in the draft all the attacks (including just
>> theoretically possible ones), but to solve just practically possible
>> attacks.
>>
>>
> I still don't understand
>
> the analysis you have made is basically about collision attacks
>
> However, when we consider how to encode the hash function in send, we
> also consider the attacks against other properties of the hash function,
> in particular to the preimage attacks. I mean, bidding down attacks
> being considered are not about collision free, but about the preimage
> attacks afaict, right?
>
Right, it is. In the new version of the draft, both the preimage and collision attacks are considered in the analysis part. IMO, it might be useful to analyze both attacks, to clarify things more precisely, and also because of some possible future attacks. Contrary to the analysis part, IMO, the solution part should be based on the collision attacks. The downgrade attack is mentioned at the end, just as one additional plus.

Do you agree for the analysis part to include both collision and preimage attack analysis? And, do you agree that the solution should be based on collision attacks only?

>> So basically what you are saying is that it is better to use only
>> human readable fields because they are harder to attack.
>>

No. Just that non-human readable fields demand less effort to break them, since it is easier to extend the IHV value to a random string than to meaningful data.

>
>> IMO, the attacks which affect just pk do not have implications in
>> send. But, attacks which affect human-readable data have implications
>> in send. For example, the changed set of IP prefixes in the rfc3779 IP
>> address extension, changed validity period. Up to date, no such attack
>> has been demonstrated, but the 2007 attack against the identity field is on
>> the way to such attacks.
>>
>>
> so you should analyze the impact in send of these potentially possible
> attacks and write them down in the document
>

Ok, it will be added in the next version.

>
>
>> Yes, I think it may be possible, with both the hash algorithm field,
>> and the digital signature field. Should we analyze this case?
>>
>>
> please do
>
>

Ok, it will be added also.

Thank you,
Cheers
Ana

_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
