One document matched: draft-turner-md2-to-historic-00.txt
Network Working Group S. Turner
Internet Draft IECA
Updates: 1319 (once approved) June 8, 2010
Intended Status: Informational
Expires: December 8, 2010
MD2 to Historic Status
draft-turner-md2-to-historic-00.txt
Abstract
This document recommends the retirement of MD2 and discusses the
reasons for doing so. This document recommends RFC 1319 be moved to
Historic status.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 8, 2010.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
Turner Expires December 8, 2010 [Page 1]
Internet-Draft MD2 to Historic Status May 2010
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
1. Introduction
MD2 [MD2] is a message digest algorithm that takes as input a message
of arbitrary length and produces as output a 128-bit "fingerprint" or
"message digest" of the input. This document recommends that MD2 be
retired. Specifically, this document recommends RFC 1319 [MD2] be
moved to Historic status. The reasons for taking this action are
discussed.
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
2. Rationale
MD2 was published in 1992 as an Informational RFC. Since its
publication, MD2 has been shown to not be collision free
[MD2-Collisions]. In fact, RSA, in 1996, suggested that MD2 should
not be used [RSA-AdviceOnMD2].
3. Documents that Reference RFC 1319
MD2 has been specified in the following RFCs:
Proposed Standard (PS):
o [RFC2246] The TLS Protocol Version 1.0.
o [RFC2459] Internet X.509 Public Key Infrastructure Certificate
and CRL Profile.
o [RFC3279] Algorithms and Identifiers for the Internet X.509
Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile.
Turner Expires December 8, 2010 [Page 2]
Internet-Draft MD2 to Historic Status May 2010
o [RFC4572] Connection-Oriented Media Transport over the
Transport Layer Security (TLS) Protocol in the Session
Description Protocol (SDP).
Informational:
o [RFC2313] PKCS #1: RSA Encryption Version 1.5.
o [RFC2315] PKCS #7: Cryptographic Message Syntax Version 1.5.
o [RFC2437] PKCS #1: RSA Cryptography Specifications Version 2.0.
o [RFC2898] PKCS #5: Password-Based Cryptography Specification
Version 2.0.
o [RFC3447] Public-Key Cryptography Standards (PKCS) #1: RSA
Cryptography Specifications Version 2.1.
Experimental:
o [RFC2660] The Secure HyperText Transfer Protocol.
Historic:
o [RFC1423] Privacy Enhancement for Internet Electronic Mail:
Part III: Algorithms, Modes, and Identifiers.
4. Impact of Moving MD2 to Historic.
The impact of moving MD2 to Historic on the RFCs specified in Section
3 is minimal, as described below.
Concentrating on the PS RFCs:
o MD2 support in TLS was dropped in TLS 1.1. Additionally, many
TLS implementations, OpenSSL, Network Security Services, and
GNUTLS, have disabled support for MD2.
o MD2 support is optional in [RFC4572], and SHA-1 is specified as
the preferred algorithm.
o MD2 is included in the original PKIX certificate profile
[RFC2459] and the PKIX algorithm document [RFC3279] for
compatibility with older applications, but its use is
discouraged. SHA-1 is identified as the preferred algorithm
for the Internet PKI.
Turner Expires December 8, 2010 [Page 3]
Internet-Draft MD2 to Historic Status May 2010
Looking at the Informational RFCs:
o PKCS#1 [RFC2313] indicates that support MD2 is only retained
for compatibility with existing applications. One of the
motivations for updating PKCS#1 was to add support for
algorithms such as SHA-224, SHA-256, SHA-384, and SHA-512.
o PKCS#5 [RFC2898] recommends that the Password Based Encryption
Scheme (PBES) that uses MD2 not be used for new applications.
o PKCS#7 [RFC2315] was replaced by a series of standards track
publications, "Cryptographic Message Syntax" [RFC2630]
[RFC3369] [RFC3852] [RFC5652] and "Cryptographic Message Syntax
(CMS) Algorithms" [RFC3370]. Support for MD2 was dropped in
[RFC3370].
RFC 2818 "HTTP Over TLS", which does not reference MD2, largely
supplanted implementation of RFC 2660. S/MIME has largely replaced
implementations of PEM. Support for MD2 was dropped in S/MIME v3.1
[RFC3851].
5. Recommendation
Implementers have been warned for many years not to implement MD2 due
to its lack of collision resistance. It is RECOMMENDED that [MD2] be
moved to Historic Status.
6. IANA Considerations
None.
7. Security Considerations
MD2 MUST continue to be considered non-collision resistant.
8. References
8.1. Informative References
[MD2] Rivest, R., "The MD5 Message-Digest Algorithm", RFC
1319, April 1992.
[MD2-Collisions] Rogier, N., and P. Chauvaud, "The compression
function of MD2 is not collision free." Presented at
Selected Areas in Cryptography '95, Carleton
University, Ottawa, Canada. May 18-19, 1995.
Turner Expires December 8, 2010 [Page 4]
Internet-Draft MD2 to Historic Status May 2010
[RFC1423] Balenson, T., "Privacy Enhancement for Internet
Electronic Mail: Part III: Algorithms, Modes, and
Identifiers", RFC 1423, February 1993.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2313] Kaliski, B., "PKCS #1: RSA Encryption Version 1.5",
RFC 2313, March 1998.
[RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax
Version 1.5," RFC 2315, March 1998.
[RFC2246] Dierks, T., Allen, C., "The TLS Protocol Version
1.0", RFC 2246, January 1999.
[RFC2437] Kaliski, B., and J. Staddon, "PKCS #1: RSA
Cryptography Specifications Version 2.0", RFC 2437,
October 1998.
[RFC2459] Housley, R., Ford, W., Polk, W. and D. Solo,
"Internet X.509 Public Key Infrastructure
Certificate and CRL Profile", RFC 2459, January
1999.
[RFC2630] Housley, R., "Cryptographic Message Syntax", RFC
2630, June 1999.
[RFC2660] Rescorla, E., and A. Schiffman, "The Secure
HyperText Transfer Protocol", RFC 2660, August 1999.
[RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography
Specification Version 2.0", RFC 2898, September
2000.
[RFC3279] Polk, W., Housley, R., and L. Bassham, "Algorithms
and Identifiers for the Internet X.509 Public Key
Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 3279, April
2002.
[RFC3369] Housley, R., "Cryptographic Message Syntax (CMS)",
RFC 3369, August 2002.
[RFC3370] Housley, R., "Cryptographic Message Syntax (CMS)
Algorithms", RFC 3370, August 2002.
Turner Expires December 8, 2010 [Page 5]
Internet-Draft MD2 to Historic Status May 2010
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1" RFC 3447, February 2003.
[RFC3851] Ramsdell, B., Ed., "Secure/Multipurpose Internet
Mail Extensions (S/MIME) Version 3.1 Message
Specification", RFC 3851, July 2004.
[RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)
Algorithms", RFC 3852, July 2004.
[RFC4572] Lennox, J., "Connection-Oriented Media Transport
over the Transport Layer Security (TLS) Protocol in
the Session Description Protocol (SDP)", RFC 4572,
July 2006.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)",
RFC 5652, August 2002.
[RSA-AdviceOnMD2] Robshaw, M.J.B., "On Recent Results for MD2, MD4
and MD5", Novemeber 1996,
ftp://ftp.rsasecurity.com/pub/pdfs/bulletn4.pdf
Authors' Addresses
Sean Turner
IECA, Inc.
3057 Nutley Street, Suite 106
Fairfax, VA 22031
USA
EMail: turners@ieca.com
Turner Expires December 8, 2010 [Page 6]| PAFTECH AB 2003-2026 | 2026-04-23 06:13:16 |