draft-ietf-csi-hash-threat-08.txt   draft-ietf-csi-hash-threat-09.txt 
Network Working Group A. Kukec Network Working Group A. Kukec
Internet-Draft University of Zagreb Internet-Draft University of Zagreb
Intended status: Standards Track S. Krishnan Intended status: Standards Track S. Krishnan
Expires: September 7, 2010 Ericsson Expires: September 7, 2010 Ericsson
S. Jiang S. Jiang
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
March 6, 2010 March 6, 2010
SEND Hash Threat Analysis SEND Hash Threat Analysis
draft-ietf-csi-hash-threat-08 draft-ietf-csi-hash-threat-09
Abstract Abstract
This document analysis the use of hashes in SEND, possible threats This document analysis the use of hashes in SEND, possible threats
and the impact of recent attacks on hash functions used by SEND. and the impact of recent attacks on hash functions used by SEND.
Current SEND specification [rfc3971] uses the SHA-1 [sha-1] hash Current SEND specification [rfc3971] uses the SHA-1 [sha-1] hash
algorithm and X.509 certificates [rfc5280] and does not provide algorithm and X.509 certificates [rfc5280] and does not provide
support for the hash algorithm agility. The purpose of the document support for the hash algorithm agility. The purpose of the document
is to provide analysis of possible hash threats and to decide how to is to provide analysis of possible hash threats and to decide how to
encode the hash agility support in SEND. encode the hash agility support in SEND.
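Review bot: The first sentence of the Abstract still reads "This document analysis the use of hashes in SEND" in -09; "analysis" should be "analyzes". In the same paragraph, "Current SEND specification" and "support for the hash algorithm agility" would read better as "The current SEND specification" and "support for hash algorithm agility". Only the draft name changes in this block, from -08 to -09. The date "March 6, 2010" and the "Expires: September 7, 2010" line are identical in both columns, so confirm they were meant to stay as they are for the new revision.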
skipping to change at page 3, line 17 skipping to change at page 3, line 17
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Impact of collision attacks on SEND . . . . . . . . . . . . . 5 3. Impact of collision attacks on SEND . . . . . . . . . . . . . 5
3.1. Attacks against CGAs in stateless autoconfiguration . . . 5 3.1. Attacks against CGAs in stateless autoconfiguration . . . 5
3.2. Attacks against X.509 certificates in ADD process . . . . 6 3.2. Attacks against X.509 certificates in ADD process . . . . 6
3.3. Attacks against the Digital Signature in the RSA 3.3. Attacks against the Digital Signature in the RSA
Signature option . . . . . . . . . . . . . . . . . . . . . 7 Signature option . . . . . . . . . . . . . . . . . . . . . 7
3.4. Attacks against the Key Hash field in the RSA 3.4. Attacks against the Key Hash field in the RSA
Signature option . . . . . . . . . . . . . . . . . . . . . 7 Signature option . . . . . . . . . . . . . . . . . . . . . 7
4. Support for the hash agility in SEND . . . . . . . . . . . . . 8 4. Support for the hash agility in SEND . . . . . . . . . . . . . 8
5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
7.1. Normative References . . . . . . . . . . . . . . . . . . . 12 7.1. Normative References . . . . . . . . . . . . . . . . . . . 12
7.2. Informative References . . . . . . . . . . . . . . . . . . 12 7.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
SEND [rfc3971] uses the SHA-1 hash algorithm to generate SEND [rfc3971] uses the SHA-1 hash algorithm to generate
Cryptographically Generated Addresses (CGA) [rfc3972], the contents Cryptographically Generated Addresses (CGA) [rfc3972], the contents
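Review bot: The page numbers for sections 5 and 6 in the table of contents look stale. The entry for "5. IANA Considerations" keeps page 10, but the next change block shows section 4 text still running at page 11, line 5, so section 5 cannot start before page 11. Regenerate the table of contents from the final text rather than editing the entry title by hand. Renaming entry 5 itself is right, since -08 listed "Security Considerations" twice.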
skipping to change at page 11, line 5 skipping to change at page 11, line 5
not present. In such way, SEND is not bound exclusively to CGA. not present. In such way, SEND is not bound exclusively to CGA.
o None of the previous solutions supports the negotiation of the o None of the previous solutions supports the negotiation of the
hash function. One of possible solutions is the negotiation hash function. One of possible solutions is the negotiation
approach for the SEND hash agility based on the Supported approach for the SEND hash agility based on the Supported
Signature Algorithm option described in [sig-agility]. Based on Signature Algorithm option described in [sig-agility]. Based on
the processing rules described in [sig-agility] nodes find the the processing rules described in [sig-agility] nodes find the
intersection between the sender's and the receiver's supported intersection between the sender's and the receiver's supported
signature algorithms set. signature algorithms set.
5. Security Considerations 5. IANA Considerations
There are no IANA actions resulting from this document.
6. Security Considerations
This document analyzes the impact of hash attacks in SEND and offeres This document analyzes the impact of hash attacks in SEND and offeres
a higher security level for SEND by providing solution for the hash a higher security level for SEND by providing solution for the hash
agility support. agility support.
The negotiation approach for the hash agility in SEND based on the The negotiation approach for the hash agility in SEND based on the
Supported Signature Algorithms option is vulnerable to bidding-down Supported Signature Algorithms option is vulnerable to bidding-down
attacks, which is usual in the case of any negotiation approach. attacks, which is usual in the case of any negotiation approach.
This issue can be mitigated with the appropriate local policies. This issue can be mitigated with the appropriate local policies.
6. Security Considerations
There are no IANA actions resulting from this document.
7. References 7. References
7.1. Normative References 7.1. Normative References
[new-hashes] [new-hashes]
Bellovin, S. and E. Rescorla, "Deploying a New Hash Bellovin, S. and E. Rescorla, "Deploying a New Hash
Algorithm", November 2005. Algorithm", November 2005.
[pk-agility] [pk-agility]
Cheneau, T., Maknavicius, M., Sean, S., and M. Vanderveen, Cheneau, T., Maknavicius, M., Sean, S., and M. Vanderveen,
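Review bot: The last sentence of Security Considerations, "This issue can be mitigated with the appropriate local policies", does not say what such a policy contains, so an implementer gets no guidance against the bidding-down attack the paragraph names. Suggest stating the policy concretely, for example that a node is configured with a minimum acceptable set of algorithms and does not accept a negotiated result outside that set, or point to the section of [sig-agility] that defines it. The option name is also inconsistent: "Supported Signature Algorithm option" in the section 4 bullet and "Supported Signature Algorithms option" here, so use the name as [sig-agility] defines it in both places. "offeres" should be "offers", and "by providing solution" needs an article. Swapping the headings so that the IANA text sits under "5. IANA Considerations" fixes the mislabelled section 6 of -08.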
 End of changes. 4 change blocks. 
7 lines changed or deleted 7 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/