
Re: Privacy extensions to Stateless Address Autoconf

Hi Brian and Francis,
  Thanks for your comments. I have made some changes to the draft to 
address the issues you raised. Let me know if these changes are OK.

* I have removed all references to MD5 in the document.
* I have added a reference to draft-ietf-ipsec-esp-ah-algorithms-02
* I added the following paragraph about the hash algorithm

  "The randomized interface identifier generation algorithm assumes that
   the node is capable of running a hash algorithm which is capable of
   producing a 128 bit random value.  The selected hash algorithm SHOULD
   follow the guidelines set forth in  [RANDOM] to ensure randomness of
   the result.  The node MAY use one of the hash algorithms specified in
   [IPSECALGO] as these algorithms will be available on every IPv6
   compliant node"

[IPSECALGO] is draft-ietf-ipsec-esp-ah-algorithms-02 and 
[RANDOM] is RFC1750


On Thu, 7 Oct 2004, Francis Dupont wrote:

> In your previous mail you wrote:
>   First, changing the algorithm will not affect interoperability.  The
>   generation of the IID is local to each node.
>=> so the change should not be a problem if it is justified.
>   Second, we are attempting to move this document from PS to
>   DS, so making a gratuitous change to the hash algorithm is not
>   usually favored.
>=> the argument is that MD5 is/shall be not available by default.
>I suggest to give it to security area directors for an advice.
>   In addition, will we change it again when a newer algorithm comes along?
>=> your proposal is a nice answer.
>   Perhaps an alternative, if people feel a need to move away from
>   MD5, would be to not specify a single hash, but rather give a list
>   of possible hashes.  And an informative pointer to RFC 1750
>   would help with this direction.
>=> this seems a wonderful idea!
>PS: draft-ietf-ipsec-esp-ah-algorithms-02.txt changes MD5 based algo
>requirement levels from MUST to MAY so the argument about MD5 seems
>to be right.
>IETF IPv6 working group mailing list
>Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6

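
The hash-agnostic identifier generation discussed in this thread, as an added example that is not part of the original message or of the draft's text. It assumes the iteration described in RFC 3041 section 3.2.1 (history value plus stable identifier are hashed, the left 64 bits become the identifier with bit 6 cleared, the right 64 bits become the next history value) and truncates longer digests to 128 bits; the function names, the prefix and the stable identifier are constructed for illustration.

```python
import hashlib
import ipaddress
import os


def next_temporary_iid(history, stable_iid, hash_name="sha256"):
    """One iteration: return (temporary IID, next history value), 8 bytes each."""
    if len(history) != 8 or len(stable_iid) != 8:
        raise ValueError("history and stable IID must each be 64 bits")
    digest = hashlib.new(hash_name, history + stable_iid).digest()
    if len(digest) < 16:
        raise ValueError(f"{hash_name} yields fewer than 128 bits")
    value = digest[:16]  # assumption: longer digests are truncated to 128 bits
    iid = bytearray(value[:8])
    iid[0] &= 0xFD  # clear bit 6 (universal/local): locally significant only
    # The check against reserved or already-assigned identifiers is not modelled.
    return bytes(iid), value[8:]


def temporary_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return net[int.from_bytes(iid, "big")]


def rotate(prefix, stable_iid, rounds, hash_name="sha256", history=None):
    """Generate successive temporary addresses, chaining the history value."""
    history = os.urandom(8) if history is None else history
    out = []
    for _ in range(rounds):
        iid, history = next_temporary_iid(history, stable_iid, hash_name)
        out.append(temporary_address(prefix, iid))
    return out


if __name__ == "__main__":
    STABLE = bytes.fromhex("021122fffe334455")  # constructed EUI-64 style IID
    for name in ("sha1", "sha256"):  # the hash choice is local to the node
        for addr in rotate("2001:db8::/64", STABLE, 3, name):
            print(name, addr)
```

Because the history value is chained from the hash output, the initial value has to come from a good random source and be kept private, which is where the pointer to RFC 1750 applies.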