Last Call Review of draft-turner-md2-to-historic-
|Requested revision||No specific revision (document currently at 10)|
|Type||Last Call Review|
|Team||Security Area Directorate (secdir)|
|Draft last updated||2010-10-24|
Secdir Last Call review of -??
by Catherine Meadows
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document recommends that the MD2 hash algorithm be moved to historic status and gives the rationale for doing this. The reasons are mainly security-related, given that the algorithm has been shown not to be collision-free and is vulnerable to pre-image attacks. Performance is also an issue. The impact is minimal, given that support for MD2 in the standards that refer to it is either optional or discouraged. I have no problems with the decision or rationale. I agree, as I am sure that everyone else does, the MD2 should be retired. I do have one minor recommendation though about the rationale: in section 2 (the Rationale section), you say that MD2 has been shown to not be collision-free and is vulnerable to pre-image attacks. The Rationale appears to give both these concerns equal value. But in Section 6 (Security Considerations), you say that the most successful collision attacks against MD2 are not significantly better than the birthday attack, and the real security problems with MD2 have to do with its vulnerability to pre-image attacks. It seems to me that this reasoning should be reflected in the Rationale. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows at nrl.navy.mil