[apps-discuss] apps-review team review of draft-ietf-csi-hash-threat-10
Barry Leiba <barryleiba@computer.org> Sat, 16 October 2010 13:08 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EC4F73A6AA7 for <apps-discuss@core3.amsl.com>; Sat, 16 Oct 2010 06:08:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.368
X-Spam-Level:
X-Spam-Status: No, score=-102.368 tagged_above=-999 required=5 tests=[AWL=-0.391, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id reRS8V-KxeUY for <apps-discuss@core3.amsl.com>; Sat, 16 Oct 2010 06:08:01 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id A26763A69F2 for <apps-discuss@ietf.org>; Sat, 16 Oct 2010 06:08:01 -0700 (PDT)
Received: by iwn10 with SMTP id 10so2347904iwn.31 for <apps-discuss@ietf.org>; Sat, 16 Oct 2010 06:09:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=K2lSAhWdOR40xc1uNjEoq32v/a1LcVsRxciDkyFAAcY=; b=Y/bhHM6tlFHrbDGpGchVa0KKP6J7EYE4k4VSG3MUsrfQDE1fEvj+2LHTjsgvg0P3x2 zeaOfV9xIzRiTySHbJlqn7k0AzmqWmSN1l7IYTnl1ESagEjjv+/I3L0O45suRjrryWrG nY/1Pe12BzeLKVc2DovJvYJwfvLKlQO+gtP/M=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; b=XlIVECaSDqgCOC+cd5T7iAyZbpHwqEM5VsCCyN2fZyndUPAwnUm9v7eBLYnq0EHaJZ /0tmf0pUTaoPZD+bz49cZQAQU1nk9jsG9w/BIHrGglEI9BTuR62T2v5EwmA1XI87qH37 SlU0e76HKE5pTJHHNr4bYE/i0hlWXvZ2wk6r0=
MIME-Version: 1.0
Received: by 10.42.164.5 with SMTP id e5mr1238898icy.84.1287234564294; Sat, 16 Oct 2010 06:09:24 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.231.30.76 with HTTP; Sat, 16 Oct 2010 06:09:24 -0700 (PDT)
Date: Sat, 16 Oct 2010 09:09:24 -0400
X-Google-Sender-Auth: wZPTx44BUPl9FjnPt6TIGajjDek
Message-ID: <AANLkTikR5bcd31Rs3uTRAnf_YCEeJ=rXMzNJ6vEFqQK+@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: apps-discuss@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: draft-ietf-csi-hash-threat.all@tools.ietf.org
Subject: [apps-discuss] apps-review team review of draft-ietf-csi-hash-threat-10
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Oct 2010 13:08:03 -0000
I have been selected as the Applications Area Review Team reviewer for this draft (for background on apps-review, please see http://www.apps.ietf.org/content/applications-area-review-team). Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-csi-hash-threat-10 Title: SEND Hash Threat Analysis Reviewer: Barry Leiba Review Date: 15 Oct 2010 Summary: This draft is ready for publication as an Informational RFC Major Issues: none Minor Issues: In section 3.3, you say "Since the structure of the Neighbor Discovery messages is well defined, it is not possible to use this vulnerability in real world attacks." That's a strong statement, and it might be *possible* to find a usable hash collision, however unlikely that may be. I'd say "not practical", instead. But this is such a small point that it hardly matters. Nits: There are a few punctuation errors and the like, but the RFC editor will take care of them. Barry -- Barry Leiba (barryleiba@computer.org) http://internetmessagingtechnology.org/
- [apps-discuss] apps-review team review of draft-i… Barry Leiba
- Re: [apps-discuss] apps-review team review of dra… Suresh Krishnan