draft-ietf-csi-hash-threat-07.txt   draft-ietf-csi-hash-threat-08.txt 
Network Working Group A. Kukec Network Working Group A. Kukec
Internet-Draft University of Zagreb Internet-Draft University of Zagreb
Intended status: Standards Track S. Krishnan Intended status: Standards Track S. Krishnan
Expires: August 16, 2010 Ericsson Expires: September 7, 2010 Ericsson
S. Jiang S. Jiang
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
February 12, 2010 March 6, 2010
SEND Hash Threat Analysis SEND Hash Threat Analysis
draft-ietf-csi-hash-threat-07 draft-ietf-csi-hash-threat-08
Abstract Abstract
This document analysis the use of hashes in SEND, possible threats This document analysis the use of hashes in SEND, possible threats
and the impact of recent attacks on hash functions used by SEND. and the impact of recent attacks on hash functions used by SEND.
Current SEND specification [rfc3971] uses the SHA-1 [sha-1] hash Current SEND specification [rfc3971] uses the SHA-1 [sha-1] hash
algorithm and X.509 certificates [rfc5280] and does not provide algorithm and X.509 certificates [rfc5280] and does not provide
support for the hash algorithm agility. The purpose of the document support for the hash algorithm agility. The purpose of the document
is to provide analysis of possible hash threats and to decide how to is to provide analysis of possible hash threats and to decide how to
encode the hash agility support in SEND. encode the hash agility support in SEND.
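Review bot: The Abstract still opens with "This document analysis the use of hashes in SEND" in -08; the verb should be "analyzes". The phrase "support for the hash algorithm agility" in the same paragraph reads better without the article. Only the version, date and expiry lines change in this block, so the wording fix can go in with them.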
skipping to change at page 1, line 45 skipping to change at page 1, line 45
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 16, 2010. This Internet-Draft will expire on September 7, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 7 skipping to change at page 3, line 7
modifications of such material outside the IETF Standards Process. modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Impact of collision attacks on SEND . . . . . . . . . . . . . 6 3. Impact of collision attacks on SEND . . . . . . . . . . . . . 5
3.1. Attacks against CGAs in stateless autoconfiguration . . . 6 3.1. Attacks against CGAs in stateless autoconfiguration . . . 5
3.2. Attacks against X.509 certificates in ADD process . . . . 7 3.2. Attacks against X.509 certificates in ADD process . . . . 6
3.3. Attacks against the Digital Signature in the RSA 3.3. Attacks against the Digital Signature in the RSA
Signature option . . . . . . . . . . . . . . . . . . . . . 8 Signature option . . . . . . . . . . . . . . . . . . . . . 7
3.4. Attacks against the Key Hash field in the RSA 3.4. Attacks against the Key Hash field in the RSA
Signature option . . . . . . . . . . . . . . . . . . . . . 8 Signature option . . . . . . . . . . . . . . . . . . . . . 7
4. Support for the hash agility in SEND . . . . . . . . . . . . . 9 4. Support for the hash agility in SEND . . . . . . . . . . . . . 8
5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
6.1. Normative References . . . . . . . . . . . . . . . . . . . 12 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
6.2. Informative References . . . . . . . . . . . . . . . . . . 12 7.1. Normative References . . . . . . . . . . . . . . . . . . . 12
7.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
SEND [rfc3971] uses the SHA-1 hash algorithm to generate SEND [rfc3971] uses the SHA-1 hash algorithm to generate
Cryptographically Generated Addresses (CGA) [rfc3972], the contents Cryptographically Generated Addresses (CGA) [rfc3972], the contents
of the Key Hash field and the Digital Signature field of the RSA of the Key Hash field and the Digital Signature field of the RSA
Signature option. It also uses a hash algorithm (SHA-1, MD5, etc.) Signature option. It also uses a hash algorithm (SHA-1, MD5, etc.)
within the digital signature in X.509 certificates [rfc5280] for the within the digital signature in X.509 certificates [rfc5280] for the
router authorization in the Authorizaton Delegation Discovery (ADD) router authorization in the Authorizaton Delegation Discovery (ADD)
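Review bot: The new Table of Contents lists two sections with the same title, "5. Security Considerations" and "6. Security Considerations", so a reader cannot tell them apart from the contents list. Give the added entry 6 a title that reflects its content, then regenerate the ToC. In the unchanged Introduction text just below, "Authorizaton Delegation Discovery" is also misspelled and should be "Authorization".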
skipping to change at page 12, line 5 skipping to change at page 12, line 5
This document analyzes the impact of hash attacks in SEND and offeres This document analyzes the impact of hash attacks in SEND and offeres
a higher security level for SEND by providing solution for the hash a higher security level for SEND by providing solution for the hash
agility support. agility support.
The negotiation approach for the hash agility in SEND based on the The negotiation approach for the hash agility in SEND based on the
Supported Signature Algorithms option is vulnerable to bidding-down Supported Signature Algorithms option is vulnerable to bidding-down
attacks, which is usual in the case of any negotiation approach. attacks, which is usual in the case of any negotiation approach.
This issue can be mitigated with the appropriate local policies. This issue can be mitigated with the appropriate local policies.
6. References 6. Security Considerations
6.1. Normative References There are no IANA actions resulting from this document.
7. References
7.1. Normative References
[new-hashes] [new-hashes]
Bellovin, S. and E. Rescorla, "Deploying a New Hash Bellovin, S. and E. Rescorla, "Deploying a New Hash
Algorithm", November 2005. Algorithm", November 2005.
[pk-agility] [pk-agility]
Cheneau, T., Maknavicius, M., Sean, S., and M. Vanderveen, Cheneau, T., Maknavicius, M., Sean, S., and M. Vanderveen,
"Support for Multiple Signature Algorithms in "Support for Multiple Signature Algorithms in
Cryptographically generated Addresses (CGAs)", Cryptographically generated Addresses (CGAs)",
draft-cheneau-cga-pk-agility-00 (work in progress), draft-cheneau-cga-pk-agility-00 (work in progress),
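Review bot: The added heading "6. Security Considerations" does not match its body, "There are no IANA actions resulting from this document." This section should be titled "IANA Considerations", which would also remove the duplicate of Section 5's title. In the unchanged context above it, "offeres" should be "offers", and "by providing solution" needs an article.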
skipping to change at page 12, line 39 skipping to change at page 13, line 39
[rfc4982] Bagnulo, M. and J. Arrko, "Support for Multiple Hash [rfc4982] Bagnulo, M. and J. Arrko, "Support for Multiple Hash
Algorithms in Cryptographically Generated Addresses Algorithms in Cryptographically Generated Addresses
(CGAs)", RFC 4982, July 2007. (CGAs)", RFC 4982, July 2007.
[sig-agility] [sig-agility]
Cheneau, T. and M. Maknavicius, "Signature Algorithm Cheneau, T. and M. Maknavicius, "Signature Algorithm
Agility in the Secure Neighbor Discovery (SEND) Protocol", Agility in the Secure Neighbor Discovery (SEND) Protocol",
draft-cheneau-send-sig-agility-01 (work in progress), draft-cheneau-send-sig-agility-01 (work in progress),
May 2010. May 2010.
6.2. Informative References 7.2. Informative References
[rfc2119] Bradner, S., "Key words for use in RFCs to Indicate [rfc2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997. Requirement Levels", RFC 2119, March 1997.
[rfc5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [rfc5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC rfc5280, May 2008. (CRL) Profile", RFC rfc5280, May 2008.
[sha-1] NIST, FIBS PUB 180-1, "Secure Hash Standard", April 1995. [sha-1] NIST, FIBS PUB 180-1, "Secure Hash Standard", April 1995.
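Review bot: The entries around the renumbered "7.2. Informative References" heading still carry errors that the renumbering leaves in place. [rfc5280] reads "RFC rfc5280" where "RFC 5280" is meant. [sha-1] reads "FIBS PUB 180-1" where "FIPS PUB 180-1" is meant. [rfc4982] spells the second author "Arrko" instead of "Arkko". [sig-agility] is dated May 2010, which is later than the March 6, 2010 date on this revision, so its date or draft version should be checked.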
 End of changes. 10 change blocks. 
19 lines changed or deleted 24 lines changed or added
