Network Working Group                                         M. Bagnulo
Request for Comments: 4982                                          UC3M
Updates: 3972                                                   J. Arkko
Category: Standards Track                                       Ericsson
                                                               July 2007

                Support for Multiple Hash Algorithms in
              Cryptographically Generated Addresses (CGAs)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
This document analyzes the implications of recent attacks on commonly
used hash functions on Cryptographically Generated Addresses (CGAs)
and updates the CGA specification to support multiple hash
algorithms.
Table of Contents
1. Introduction
2. Terminology
3. Impact of Collision Attacks in CGAs
4. Options for Multiple Hash Algorithm Support in CGAs
   4.1. Where to Encode the Hash Function?
5. CGA Generation Procedure
6. IANA Considerations
7. Security Considerations
8. Acknowledgements
9. References
   9.1. Normative References
   9.2. Informative References
Bagnulo & Arkko Standards Track [Page 1]
RFC 4982 Multiple Hash Support in CGAs July 2007
1. Introduction
Recent attacks on currently used hash functions have motivated a
considerable amount of concern in the Internet community. The
recommended approach [6] [10] to deal with this issue is first to
analyze the impact of these attacks on the different Internet
protocols that use hash functions and second to make sure that the
different Internet protocols that use hash functions are capable of
migrating to an alternative (more secure) hash function without a
major disruption in the Internet operation.
This document performs such an analysis for the Cryptographically
Generated Addresses (CGAs) defined in [2]. The first conclusion of
the analysis is that the security of the protocols using CGAs is not
affected by the recently available attacks against hash functions.
The second conclusion of the analysis is that the hash function used
is hard coded in the CGA specification. This document updates the
CGA specification [2] to enable the support of alternative hash
functions. In order to do so, this document creates a new registry
managed by IANA to register the different hash algorithms used in
CGAs.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1].
3. Impact of Collision Attacks in CGAs
Recent advances in cryptography have resulted in simplified attacks
against the collision-free property of certain commonly used hash
functions [6] [10], including SHA-1, which is the hash function used
by CGAs [2]. The result is that it is possible to obtain two messages,
M1 and M2, that have the same hash value with much less than 2^(L/2)
attempts. We will next analyze the impact of such attacks on the
currently proposed usages of CGAs.
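The 2^(L/2) figure above is the cost of a generic birthday search, the baseline that the cited attacks improve on. The following added example (not part of RFC 4982) measures that baseline on SHA-1 truncated to L bits; the truncation lengths, the message prefix and the function names are assumptions chosen so the search finishes quickly.

```python
import hashlib


def truncated_sha1(message: bytes, bits: int) -> int:
    """Return the leftmost `bits` bits of SHA-1(message) as an integer."""
    digest = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return digest >> (160 - bits)


def birthday_collision(bits: int, prefix: bytes = b"constructed-msg-"):
    """Generic birthday search over an L-bit hash (L = bits).

    Hashes distinct constructed messages until two of them share the same
    truncated value. Returns (m1, m2, attempts). Note that the searcher
    picks BOTH messages; no target value is given in advance.
    """
    seen = {}  # truncated hash value -> message that produced it
    attempts = 0
    while True:
        message = prefix + str(attempts).encode()
        attempts += 1
        value = truncated_sha1(message, bits)
        if value in seen:
            return seen[value], message, attempts
        seen[value] = message


def measure(bit_lengths=(16, 20, 24)):
    """Run the search for several L and compare the cost with 2^(L/2)."""
    rows = []
    for bits in bit_lengths:
        m1, m2, attempts = birthday_collision(bits)
        rows.append((bits, attempts, attempts / 2 ** (bits / 2), m1, m2))
    return rows


if __name__ == "__main__":
    for bits, attempts, ratio, m1, m2 in measure():
        print(f"L={bits:2d}  attempts={attempts:6d}  "
              f"attempts/2^(L/2)={ratio:5.2f}  M1={m1!r}  M2={m2!r}")
```

The measured cost stays within a small constant factor of 2^(L/2) as L grows, far below the 2^L size of the output space.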
As we understand it, the attacks against the collision-free property
of a hash function mostly challenge the application of such hash
functions for the provision of non-repudiation capabilities. This
is because an attacker would be capable of creating two different
messages that result in the same hash value and could then present
either of the messages interchangeably (for example, after one of
them has been signed by the other party involved in the transaction).
However, it must be noted that both messages must be generated by the