Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
draft-turner-md5-seccon-update-08
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2015-10-14
|
08 | (System) | Notify list changed from turners@ieca.com, lily.chen@nist.gov, draft-turner-md5-seccon-update@ietf.org to (None) |
|
2011-03-07
|
08 | Amy Vezza | [Note]: changed to 'RFC 6151' |
|
2011-03-07
|
08 | Amy Vezza | State changed to RFC Published from RFC Ed Queue. |
|
2011-03-06
|
08 | (System) | RFC published |
|
2011-01-11
|
08 | Amy Vezza | State changed to RFC Ed Queue from Approved-announcement sent. |
|
2011-01-10
|
08 | (System) | IANA Action state changed to No IC from In Progress |
|
2011-01-10
|
08 | (System) | IANA Action state changed to In Progress |
|
2011-01-10
|
08 | Amy Vezza | IESG state changed to Approved-announcement sent |
|
2011-01-10
|
08 | Amy Vezza | IESG has approved the document |
|
2011-01-10
|
08 | Amy Vezza | Closed "Approve" ballot |
|
2011-01-10
|
08 | Amy Vezza | Approval announcement text regenerated |
|
2011-01-07
|
08 | (System) | Removed from agenda for telechat - 2011-01-06 |
|
2011-01-06
|
08 | Cindy Morgan | State changed to Approved-announcement to be sent from IESG Evaluation. |
|
2011-01-06
|
08 | Alexey Melnikov | Ballot writeup text changed |
|
2011-01-06
|
08 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded |
|
2011-01-06
|
08 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded |
|
2011-01-05
|
08 | Russ Housley | [Ballot comment] I think this documnet would be more useful to people trying to choose an algorithm if Section 2 were structured to present … [Ballot comment] I think this documnet would be more useful to people trying to choose an algorithm if Section 2 were structured to present the conclusions at the beginning, and then provide the details in the susbsections. I suggest: MD5 was published in 1992 as an Informational RFC. Since that time, MD5 has been extensively studied and new cryptographic attacks have been discovered. Message digest algorithms are designed to provide collision, pre-image, and second pre-image resistance. In addition, message digest algorithms are used with a shared secret value for message authentication in HMAC, and in this context, some people may find the guidance for key lengths and algorithm strengths in [SP800-57] and [SP800-131] useful. MD5 is no longer acceptable where collision resistance is required such as digital signatures. It is not urgent to stop using MD5 in other ways, such as HMAC-MD5; however, since MD5 must not be used for digital signatures, new protocol designs should not employ HMAC-MD5. Alternatives to HMAC-MD5 include HMAC-SHA256 [HMAC][HMAC-SHA256] and [AES-CMAC] when AES is more readily available than a hash function. |
|
2011-01-05
|
08 | Russ Housley | [Ballot comment] I think this documnet would be more useful to people trying to choose an algorithm if Section 2 were structured to present … [Ballot comment] I think this documnet would be more useful to people trying to choose an algorithm if Section 2 were structured to present the conclusions at the befinning, and then provide the details in the susbsections. I suggest: MD5 was published in 1992 as an Informational RFC. Since that time, MD5 has been extensively studied and new cryptographic attacks have been discovered. Message digest algorithms are designed to provide collision, pre-image, and second pre-image resistance. In addition, message digest algorithms are used with a shared secret value for message authentication in HMAC, ans in this context, some people may find the guidance for key lengths and algorithm strengths in [SP800-57] and [SP800-131] useful. MD5 is no longer acceptable where collision resistance is required such as digital signatures. It is not urgent to stop using MD5 in other ways, such as HMAC-MD5; however, since MD5 must not be used for digital signatures, new protocol designs should not employ HMAC-MD5. Alternatives to HMAC-MD5 include HMAC-SHA256 [HMAC][HMAC-SHA256] and [AES-CMAC] when AES is more readily available than a hash function. |
|
2011-01-05
|
08 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded |
|
2011-01-05
|
08 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded |
|
2011-01-05
|
08 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded |
|
2011-01-05
|
08 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded |
|
2011-01-03
|
08 | Peter Saint-Andre | [Ballot Position Update] New position, Yes, has been recorded |
|
2010-12-29
|
08 | Alexey Melnikov | Ballot writeup text changed |
|
2010-12-29
|
08 | Alexey Melnikov | Ballot writeup text changed |
|
2010-12-29
|
08 | Alexey Melnikov | State changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup. |
|
2010-12-29
|
08 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
|
2010-12-29
|
08 | (System) | New version available: draft-turner-md5-seccon-update-08.txt |
|
2010-12-23
|
08 | Sean Turner | [Ballot Position Update] New position, Recuse, has been recorded |
|
2010-12-23
|
08 | Alexey Melnikov | State changed to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead. |
|
2010-12-23
|
08 | Alexey Melnikov | [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov |
|
2010-12-23
|
08 | Alexey Melnikov | Ballot has been issued |
|
2010-12-23
|
08 | Alexey Melnikov | Created "Approve" ballot |
|
2010-12-22
|
08 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call. |
|
2010-11-30
|
08 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Barry Leiba |
|
2010-11-30
|
08 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Barry Leiba |
|
2010-11-29
|
08 | Amanda Baber | IANA has a question about the IANA Action for this document. IANA understands that the authors intend a single IANA Action upon approval of this … IANA has a question about the IANA Action for this document. IANA understands that the authors intend a single IANA Action upon approval of this document. IANA understands that, upon approval of this document, the md5 usage entry in the Hash Function Textual Names registry should replace "COMMON" with "DEPRECATED." IANA Question --> In the Hash Function Textual Names registry located at: http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml there is no "usage entry" for each of the registrations. Was a different registry intended or should a usage entry be added to this registry upon approval of this document? |
|
2010-11-24
|
08 | Amy Vezza | Last call sent |
|
2010-11-24
|
08 | Amy Vezza | State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG <iesg-secretary@ietf.org> To: … State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> Reply-To: ietf@ietf.org Subject: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC The IESG has received a request from an individual submitter to consider the following document: - 'Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms' <draft-turner-md5-seccon-update-07.txt> as an Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2010-12-22. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. The file can be obtained via http://datatracker.ietf.org/doc/draft-turner-md5-seccon-update/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-turner-md5-seccon-update/ |
|
2010-11-24
|
08 | Alexey Melnikov | Placed on agenda for telechat - 2011-01-06 |
|
2010-11-24
|
08 | Alexey Melnikov | AD review of -07: 2.1. Collision Resistance Notice that the collision attack on MD5 can also be applied to password based challenge-and-response authentication … AD review of -07: 2.1. Collision Resistance Notice that the collision attack on MD5 can also be applied to password based challenge-and-response authentication protocols such as the APOP option in the Post Office Protocol (POP) used in post office authentication as presented in [LEUR2007]. This needs Informative references to POP3 and APOP (both specified in RFC 1939). 3. IANA Considerations IANA is requested to update the md5 usage entry in the Hash Function Textual Names registry by replacing "COMMON" with "DEPRECATED". I've checked the IANA registry and the registry defined in Section 8 of RFC 4572 doesn't specify the usage field for each hash function. Maybe the registry should have this field, but currently it doesn't. So I think IANA will be confused by the current instructions. [HMAC-MD5] Cheng, P., and R. Glenn, "Test Cases for HMAC-MD5 and HMAC-SHA-1", RC 2201, September 1997. Should this be "RFC 2202"? |
|
2010-11-24
|
08 | Alexey Melnikov | Last Call was requested |
|
2010-11-24
|
08 | (System) | Ballot writeup text was added |
|
2010-11-24
|
08 | (System) | Last call text was added |
|
2010-11-24
|
08 | (System) | Ballot approval text was added |
|
2010-11-24
|
08 | Alexey Melnikov | State changed to Last Call Requested from AD Evaluation. |
|
2010-11-23
|
08 | Alexey Melnikov | State changed to AD Evaluation from Publication Requested. |
|
2010-11-15
|
08 | Cindy Morgan | State changed to Publication Requested from AD is watching. |
|
2010-11-15
|
08 | Cindy Morgan | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he … (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? Sean Turner is the document Shepherd. He believes that it is ready for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The authors noted this document in a message requested reviews from both the saag and cfrg. There is no concern about the breadth of reviews. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization, or XML? The shepherd feels there is no need for a wider review. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. There are no additional concerns that the AD or IESG should be aware of. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? This is not the product of a WG. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) There has been no threat of appeal. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/.) Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type, and URI type reviews? If the document does not already indicate its intended status at the top of the first page, please indicate the intended status here. The shepherd has verified that the document satisfies all ID nits. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document does not split its references. All references in this informative document are normative. (1.i) Has the Document Shepherd verified that the document's IANA Considerations section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC2434]. If the document describes an Expert Review process, has the Document Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during IESG Evaluation? The document shepherd has verified that the IANA considerations section exists and is consistent with the body of the document. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? There is no formal language in this document. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document updates the security considerations for MD5 and HMAC-MD5. Working Group Summary The authors asked for comments from the saag and cfrg lists. All of the comments were received off list. The reviewers are noted in the acknowledgments section. Document Quality Prominent reviewers are noted in the draft's acknowledgment section. Personnel Sean Turner is the Document Shepherd. Alexey Melnikov is the Responsible Area Director. |
|
2010-11-15
|
08 | Cindy Morgan | [Note]: 'Sean Turner (turners@ieca.com) is the document shepherd.' added |
|
2010-11-07
|
07 | (System) | New version available: draft-turner-md5-seccon-update-07.txt |
|
2010-10-25
|
06 | (System) | New version available: draft-turner-md5-seccon-update-06.txt |
|
2010-10-20
|
05 | (System) | New version available: draft-turner-md5-seccon-update-05.txt |
|
2010-10-13
|
04 | (System) | New version available: draft-turner-md5-seccon-update-04.txt |
|
2010-09-24
|
03 | (System) | New version available: draft-turner-md5-seccon-update-03.txt |
|
2010-07-12
|
02 | (System) | New version available: draft-turner-md5-seccon-update-02.txt |
|
2010-07-08
|
01 | (System) | New version available: draft-turner-md5-seccon-update-01.txt |
|
2010-07-06
|
08 | Alexey Melnikov | Draft Added by Alexey Melnikov in state AD is watching |
|
2010-07-06
|
00 | (System) | New version available: draft-turner-md5-seccon-update-00.txt |