Hi, I first would like to say that I am very pleased with the outcome of the review process. Particularly Section 3.2 addresses some of the concerns I raised after WG last-call.
I do have some additional comments: 1) I still find odds that the document talks about MD5 and SHA-1 hashing in the PKIX certificate when the only current algorithm described in the cert-profile document (taken from the SIDR document) is SHA-256, there should not be any MD5 or SHA-1 used for signature for the PKIX certificates for SEND. Moreover, there is no reference to MD5 in the RFC3971. 2) I would also add a reference to the cert-profile document. 3) The attack on 3.2 has not "yet" been demonstrated for SHA-256. That should be clarified. 4) By adding the SKI Trust Anchor identifier (draft-ietf-csi-send-name-type-registry), we are also adding another use of hashes in SEND. There is some text in the security section of that document about the effect of a collision affecting the SKI. You could also add this particular text. Regards, Roque On Jul 12, 2010, at 8:49 AM, marcelo bagnulo braun wrote: > Hi, > > Based on the reviews we got, the authors have produced a new version of this > document. Considering the amount of changes, we are issuing a new WGLC. > Please review the document and comment before monday 26th of july. > > Find the details attached. > > Regards, marcelo > > -------- Mensaje original -------- > Asunto: I-D Action:draft-ietf-csi-hash-threat-10.txt > Fecha: Sun, 11 Jul 2010 17:45:02 -0700 (PDT) > De: [email protected] > Responder a: [email protected] > Para: [email protected] > CC: [email protected] > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Cga& Send maIntenance Working Group of the > IETF. > > > Title : SEND Hash Threat Analysis > Author(s) : A. Kukec, et al. > Filename : draft-ietf-csi-hash-threat-10.txt > Pages : 6 > Date : 2010-07-11 > > This document analyzes the use of hashes in Secure Neighbor Discovery > (SEND), the possible threats to these hashes and the impact of recent > attacks on hash functions used by SEND. The SEND specification > [RFC3971] currently uses the SHA-1 [SHA1] hash algorithm and PKIX > certificates [RFC5280] and does not provide support for hash > algorithm agility. This document provides an analysis of possible > threats to the hash algorithms used in SEND. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-csi-hash-threat-10.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. > > > <draft-ietf-csi-hash-threat-10.txt><Parte del mensaje > adjunto.txt>_______________________________________________ > CGA-EXT mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cga-ext
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
