
Re: [Sip] Good Hash: draft-ietf-sip-fork-loop-fix-03



Cullen Jennings wrote:


On Oct 3, 2006, at 12:52 PM, Robert Sparks wrote:


I take it you are explicitly objecting to the statement that MD5 is a reasonable non-normatively specified choice?
You have also clearly objected to 128 as a suggestion (The text does NOT mandate a length).


RjS


Yes - MD5 is a cryptographic hash and I thought we all agreed that use of cryptographic hash was not the best choice. If we think cryptographic hash ideas are a good idea, then we need to explain why.

Using a cryptographic hash, even in an example, is a huge red flag for any security person reviewing this. The fact that we used this particular one which has significant security issues, is an even bigger issue.

Uh, no. These aren't even remotely comparable. I'm going to make a big leap here
and guess that people aren't trying to actively _attack_ these forking hashes. _That's_
the problem with MD5 with security. If you're just using it as a _hashing_ algorithm
that has a low probability of collisions, it's just fine. That is: unless you're going to
say that the forking hash needs to be resistant to collisions from an attacker's chosen
text to do something nefarious, the problems with MD5 (or SHA1) don't apply.


Partially I think MD5 is totally lame to use here because it is slow and offers no advantages over better things and partially I am trying to avoid any delays due to security review where someone points out we should not be using MD5 in new protocols.

The only knock in my mind is that it may be slower than something else, but I'd
worry a great deal about the "something else" if collisions are a problem. Just randomly
inventing a good hashing algorithm with good collision properties especially with
similar chosen text is not exactly the easiest thing to do. Since you're relying on this
for carrying state, I think it's a bad idea to not at least do a SHOULD level algorithm(s)
and be very certain that the algorithm you choose actually has the collision resistance
needed. I'm not an expert here by any means, but my recollection is that CRC does
NOT have very good properties that way.


      Mike


If we can't figure out a reasonable hash to suggest, how should an implementer figure out what to use? I've been trying to say, I don't care what but don't choose a cryptographic one. If people have a good reason for wanting MD5, I'm glad to listen but I just had not heard the reason yet.




_______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors at cs.columbia.edu for questions on current sip Use sipping at ietf.org for new developments on the application of sip


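Added example, not part of the original message or of the draft: a check of the structural difference between CRC-32 and MD5 that the reply above alludes to when it compares their collision properties on similar inputs. The sample strings and their field layout are constructed for illustration, and MD5 is truncated to 32 bits here only so both tags have the same width.

```python
import hashlib
import zlib


def crc32_tag(data: bytes) -> int:
    """32-bit CRC as provided by zlib."""
    return zlib.crc32(data) & 0xFFFFFFFF


def md5_tag(data: bytes) -> int:
    """MD5 truncated to its first 32 bits (truncation is an assumption of this example)."""
    return int.from_bytes(hashlib.md5(data).digest()[:4], "big")


def xor_bytes(x: bytes, y: bytes) -> bytes:
    if len(x) != len(y):
        raise ValueError("inputs must have equal length")
    return bytes(p ^ q for p, q in zip(x, y))


def delta_is_message_independent(tag, a: bytes, b: bytes, d: bytes) -> bool:
    """True if flipping the bits in d changes the tag of a and of b by the same XOR amount."""
    return tag(xor_bytes(a, d)) ^ tag(a) == tag(xor_bytes(b, d)) ^ tag(b)


def xor_of_three_is_predictable(tag, a: bytes, b: bytes, c: bytes) -> bool:
    """True if tag(a^b^c) equals tag(a)^tag(b)^tag(c), i.e. the tag is affine over GF(2)."""
    return tag(xor_bytes(xor_bytes(a, b), c)) == tag(a) ^ tag(b) ^ tag(c)


# Constructed, equal-length sample inputs (hypothetical field layout).
A = b"sip:alice@a.example.com|call-0001@host.example.com"
B = b"sip:bobby@b.example.com|call-0002@host.example.com"
C = b"sip:carol@c.example.com|call-0003@host.example.com"
D = bytes(len(A) - 1) + b"\x03"  # bit difference applied to the last byte

if __name__ == "__main__":
    for name, tag in (("crc32", crc32_tag), ("md5/32", md5_tag)):
        print(name,
              "delta independent of message:", delta_is_message_independent(tag, A, B, D),
              "| xor of three predictable:", xor_of_three_is_predictable(tag, A, B, C))
```

For CRC-32 both relations hold for every set of equal-length inputs, so the effect of a given change on the tag does not depend on the rest of the message; for MD5 no such relation is known, which is the property an implementer is buying when choosing it over a CRC.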