
RFC 4270, "Attacks on Cryptographic Hashes in Internet Protocols", November 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 2658
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Lloyd Wood
Date Reported: 2010-12-04
Rejected by: Stephen Farrell
Date Rejected: 2011-11-12

Section 1 says:

The Internet protocol community needs to
migrate in an orderly manner away from SHA-1 and MD5 -- especially
MD5 -- and toward more secure hash algorithms.

It should say:

The Internet community needs to migrate in an orderly manner away from reliance for
security purposes on SHA-1 and MD-5 -- especially MD5 -- and toward more secure hash algorithms
for all security-related usages of hash functions in all protocols.

Notes:

This came up in discussion with Sean Turner, Martin Rex and the IESG over IESG Last Call: <draft-turner-md5-seccon-update-07.txt>.

RFC4270 lists seven uses for hash algorithms in section 3. MD5 should not be used for two of those [non-repudiable signatures and digital signatures in certificates] as those are affected by collision attacks -- albeit only in limited circumstances. For the other five uses - particularly reliability checking (misnamed integrity protection in this draft) in a non-security context, MD5 remains fine to use. Martin flagged the original text as bad, and we came up with qualifiers - below.


On 3 Dec 2010, at 21:40, Martin Rex wrote:

> L.Wood@surrey.ac.uk wrote:

>> I also take issue with RFC4270's claim that:
>>
>> >The Internet protocol community needs to
>> > migrate in an orderly manner away from SHA-1 and MD5 -- especially
>> > MD5 -- and toward more secure hash algorithms.
>>
>> which is rather broad, and entirely without the context and qualifiers
>> we're discussing. RFC4270 was not written for a general audience,
>> but for a security audience. The Internet _security protocol_ community
>> may well need to migrate from these for certain uses (despite there not
>> yet being obvious things to move _to_), but RFC4270 and your draft's
>> sum take-away message that MD5BADDONOTUSE overstates the case.
>
> I agree that the above wording of rfc-4270 is BAD.
>
> It should have said:
>
> The Internet community needs to migrate in an orderly manner away from
> SHA-1 and MD5 -- especially MD5 -- and toward more secure hash algorithms
> for all security-related usages of hash functions in all protocols.

That wording is better, though I would also add a qualifier
on the front by saying 'away from reliance for security purposes on SHA-1
and MD-5...'. This should imo be filed as an erratum on RFC4270.
--VERIFIER NOTES--
This is a substantive change that would require "security-related" to be sufficiently well defined. Writing a draft about this would be better.
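As an added illustration of the distinction the notes above draw (a collision attack bites where a signature is issued over a hash value, but does nothing to a checksum used to detect accidental corruption), the following Python script is not part of the erratum, of the email thread, or of RFC 4270. It uses a hypothetical toy hash (SHA-256 truncated to 20 bits, weak enough that a birthday search finds a collision in roughly a thousand trials), a MAC-over-digest stand-in for a signature scheme, and a constructed key; every name in it is an assumption made for the demonstration.

```python
import hashlib
import hmac

# Toy hash: SHA-256 truncated to HASH_BITS bits. The truncation is what makes it
# weak; it stands in for a real hash whose collision resistance has eroded.
HASH_BITS = 20


def toy_hash(msg: bytes) -> int:
    """Return the first HASH_BITS bits of SHA-256(msg) as an integer (demo-only hash)."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest[:3], "big") >> (24 - HASH_BITS)


def find_collision(prefix: bytes):
    """Birthday search: hash distinct messages until two share a toy_hash value.

    Returns (msg_a, msg_b, trials). Expected work is about 2**(HASH_BITS/2) trials;
    the bound of 2**HASH_BITS + 1 messages guarantees a collision by pigeonhole.
    """
    seen = {}
    for i in range((1 << HASH_BITS) + 1):
        m = prefix + i.to_bytes(4, "big")   # distinct suffix per candidate
        h = toy_hash(m)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    raise RuntimeError("unreachable: pigeonhole guarantees a collision")


def sign(key: bytes, msg: bytes) -> bytes:
    """Stand-in signature: a MAC over the toy digest (constructed for the demo).

    Real signature schemes also sign the digest rather than the message, which is
    exactly why a hash collision transfers to the signature.
    """
    return hmac.new(key, toy_hash(msg).to_bytes(3, "big"), "sha256").digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def signature_transfers(key: bytes, msg_a: bytes, msg_b: bytes) -> bool:
    """True when a signature issued over msg_a also verifies a different msg_b."""
    return msg_a != msg_b and verify(key, msg_b, sign(key, msg_a))


def corruption_detected(msg: bytes, stored_digest: int, received: bytes) -> bool:
    """Reliability check: compare the stored digest against the received copy.

    An attacker-chosen collision is irrelevant here; what matters is that an
    accidental change is caught, which the weak hash still does with probability
    1 - 2**-HASH_BITS per corrupted copy.
    """
    return toy_hash(received) != stored_digest


def flip_last_bit(msg: bytes) -> bytes:
    """Simulate a one-bit transmission error in the final byte."""
    return msg[:-1] + bytes([msg[-1] ^ 0x01])


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed, not a real secret
    a, b, trials = find_collision(b"constructed-message-")
    print(f"collision after {trials} trials: toy_hash={toy_hash(a):#07x}")
    print("signature over a verifies b:", signature_transfers(key, a, b))
    payload = b"constructed payload"
    stored = toy_hash(payload)
    print("bit flip detected:", corruption_detected(payload, stored, flip_last_bit(payload)))
```

The trial count printed is the whole point: a 20-bit digest needs on the order of a thousand hash evaluations to collide but about half a million for a second preimage of a fixed message, so the signature case (attacker picks both messages) falls long before the error-detection case (message fixed, change accidental) does.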
