Skip to main content

MD4 to Historic Status
draft-turner-md4-to-historic-11

Revision differences

Document history

Date Rev. By Action
2011-01-11
11 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent.
2011-01-10
11 (System) IANA Action state changed to No IC from In Progress
2011-01-10
11 (System) IANA Action state changed to In Progress
2011-01-10
11 Amy Vezza IESG state changed to Approved-announcement sent
2011-01-10
11 Amy Vezza IESG has approved the document
2011-01-10
11 Amy Vezza Closed "Approve" ballot
2011-01-10
11 Amy Vezza Approval announcement text regenerated
2011-01-07
11 (System) Removed from agenda for telechat - 2011-01-06
2011-01-06
11 Cindy Morgan State changed to Approved-announcement to be sent::Point Raised - writeup needed from Waiting for AD Go-Ahead.
2011-01-06
11 (System) New version available: draft-turner-md4-to-historic-11.txt
2011-01-06
11 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded
2011-01-06
11 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded
2011-01-05
11 Russ Housley [Ballot Position Update] New position, Yes, has been recorded
2011-01-05
11 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded
2011-01-05
11 Adrian Farrel
[Ballot comment]
As with the MD2 document, I think it is worth listing the standards
track documents shown in Section 3 as Updated in the …
[Ballot comment]
As with the MD2 document, I think it is worth listing the standards
track documents shown in Section 3 as Updated in the document header.

It looks to me that you might also want to update some of the
informational documents listed here.

The prime benefit is that those documents will be marked in the RFC
repository as having been updated by this document.

---

Abstract, etc.

Once published, this document should be more assertive. Thus:
OLD
This document recommends RFC 1320 be moved to Historic status.
NEW
This document moves RFC 1320 to Historic status.
END

etc.

---

4. Impact on Moving MD4 to Historic

s/on/of/

---

Section 4


  o MD4 was used in the Inter-Domain Routing Protocol (IDRP); each IDRP
    message carries a 16-octet hash that is computed by applying the
    MD-4 algorithm (RFC 1320) to the context of the message itself.
    Over time IDRP was replaced by BGP-4.

Need to add a refernce to 4271, and an indication that BGP-4 requires at
least MD-5. You could reference 2385, but that might be de trop.

---

Section 4

  o The three Microsoft RFCs, [RFC2433], [RFC2759], and [RFC4757], are

Do we need to describe these as "Microsoft RFCs"?
How about: "The three RFCs describing Microsoft protocols"?
2011-01-05
11 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded
2011-01-05
11 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded
2011-01-03
11 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko
2010-12-31
11 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded
2010-12-29
10 (System) New version available: draft-turner-md4-to-historic-10.txt
2010-12-29
09 (System) New version available: draft-turner-md4-to-historic-09.txt
2010-12-29
11 (System) State changed to Waiting for AD Go-Ahead from In Last Call.
2010-12-19
11 Alexey Melnikov [Ballot comment]
The document header has:

  Updates: 1320 (once approved)

Why not "Obsoletes: 1320" ?
2010-12-19
11 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded
2010-12-16
11 Peter Saint-Andre [Ballot Position Update] New position, Yes, has been recorded
2010-12-16
11 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Catherine Meadows.
2010-12-16
11 Sean Turner [Ballot Position Update] New position, Recuse, has been recorded
2010-12-09
11 Amanda Baber We understand that this document does not require any IANA actions.
2010-12-06
11 Robert Sparks [Ballot Position Update] New position, Yes, has been recorded for Robert Sparks
2010-12-06
11 Robert Sparks Ballot has been issued
2010-12-06
11 Robert Sparks Created "Approve" ballot
2010-12-06
11 Robert Sparks Placed on agenda for telechat - 2011-01-06
2010-12-03
11 Samuel Weiler Request for Last Call review by SECDIR is assigned to Catherine Meadows
2010-12-03
11 Samuel Weiler Request for Last Call review by SECDIR is assigned to Catherine Meadows
2010-12-01
11 Amy Vezza Last call sent
2010-12-01
11 Amy Vezza
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
Reply-To: ietf@ietf.org …
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
Reply-To: ietf@ietf.org
Subject: Last Call:  (MD4 to Historic Status) to Informational RFC


The IESG has received a request from an individual submitter to consider
the following document:
- 'MD4 to Historic Status'
  as an Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2010-12-29. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-turner-md4-to-historic/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-turner-md4-to-historic/
2010-12-01
11 Robert Sparks Last Call was requested
2010-12-01
11 (System) Ballot writeup text was added
2010-12-01
11 (System) Last call text was added
2010-12-01
11 (System) Ballot approval text was added
2010-12-01
11 Robert Sparks State changed to Last Call Requested from Publication Requested.
2010-12-01
11 Robert Sparks Last Call text changed
2010-12-01
11 Robert Sparks Ballot writeup text changed
2010-12-01
11 Robert Sparks Last Call text changed
2010-11-29
08 (System) New version available: draft-turner-md4-to-historic-08.txt
2010-10-26
11 Cindy Morgan [Note]: 'Sean Turner (turners@ieca.com) is the document Shepherd.' added by Cindy Morgan
2010-10-26
11 Cindy Morgan
(1.a)  Who is the Document Shepherd for this document?  Has the
        Document Shepherd personally reviewed this version of the
    …
(1.a)  Who is the Document Shepherd for this document?  Has the
        Document Shepherd personally reviewed this version of the
        document and, in particular, does he or she believe this
        version is ready for forwarding to the IESG for publication?

Sean Turner is the document Shepherd.  He believes that it is ready
for publication.

Note that the write-up for this draft is very similar to
draft-turner-md2-to-historic.  As the two drafts are very similar.
Comments against one, when appropriate, were considered to equally
apply to the other.

(1.b)  Has the document had adequate review both from key WG members
        and from key non-WG members?  Does the Document Shepherd have
        any concerns about the depth or breadth of the reviews that
        have been performed?

The authors noted this document in a message requested reviews from
both the saag and cfrg.  There is no concern about the breadth of reviews.

The only concern I had (not the past tense) was with the last three
bullets in Section 4 that deal with MD4 and Microsoft's use.  Magnus
Nystrom reviewed and verified the text.  Also note, that Sam Hartman
wanted to ensure that RC4-HMAC issues were specifically be addressed.

(1.c)  Does the Document Shepherd have concerns that the document
        needs more review from a particular or broader perspective,
        e.g., security, operational complexity, someone familiar with
        AAA, internationalization, or XML?

The shepherd feels there is no need for a wider review.

(1.d)  Does the Document Shepherd have any specific concerns or
        issues with this document that the Responsible Area Director
        and/or the IESG should be aware of?  For example, perhaps he
        or she is uncomfortable with certain parts of the document, or
        has concerns whether there really is a need for it.  In any
        event, if the WG has discussed those issues and has indicated
        that it still wishes to advance the document, detail those
        concerns here.  Has an IPR disclosure related to this document
        been filed?  If so, please include a reference to the
        disclosure and summarize the WG discussion and conclusion on
        this issue.

(These two comments were specifically against
draft-turner-md2-to-historic but equally apply to this draft).

One issue raised during the review was whether the IESG can move a
document to historic that documents a company's algorithm.  To avoid
this issue, RSA was contacted and provided a statement indicating that
they are fine with deprecating RFC 1320.  This statement can be found
in Section 7.

Another issue raised was whether informational documents can be moved
to historic.  Specifically, Simon Josefsson and Joe Touch questioned
what it meant to move an informational document to historic.  Scott
Bradner was consulted (and his response was forward with consent to
the saag, pkix, smime, and cfrg lists) that it "seemed appropriate"
when "we want to say "do not use"".  Peter Gutmann, for one, suggested
that it " helps to have something like this formally retired so you
have a document to point to when someone wants to use (or continue to
use) MD2."

(1.e)  How solid is the WG consensus behind this document?  Does it
        represent the strong concurrence of a few individuals, with
        others being silent, or does the WG as a whole understand and
        agree with it?

(These two comments were specifically against
draft-turner-md2-to-historic but equally apply to this draft).

This is not the product of a WG.  No one objected to deprecating MD2,
but Simon Josefsson (who admitted he was playing devil's advocate)
suggested maybe another way to achieve the same goal; namely,
deprecate MD4's use in protocols that use it.  Joe Touch also
suggested an "security algorithms roadmap" to suggest what algorithm
was useful in which protocol.  With the addition of the security
considerations for MD4, some of these issues have been addressed.

(1.f)  Has anyone threatened an appeal or otherwise indicated extreme
        discontent?  If so, please summarize the areas of conflict in
        separate email messages to the Responsible Area Director.  (It
        should be in a separate email because this questionnaire is
        entered into the ID Tracker.)

There has been no threat of appeal.

(1.g)  Has the Document Shepherd personally verified that the
        document satisfies all ID nits?  (See
        http://www.ietf.org/ID-Checklist.html and
        http://tools.ietf.org/tools/idnits/.)  Boilerplate checks are
        not enough; this check needs to be thorough.  Has the document
        met all formal review criteria it needs to, such as the MIB
        Doctor, media type, and URI type reviews?  If the document
        does not already indicate its intended status at the top of
        the first page, please indicate the intended status here.

The shepherd has verified that the document satisfies all ID nits.
Note that the obsolete references are purposely included.

(1.h)  Has the document split its references into normative and
        informative?  Are there normative references to documents that
        are not ready for advancement or are otherwise in an unclear
        state?  If such normative references exist, what is the
        strategy for their completion?  Are there normative references
        that are downward references, as described in [RFC3967]?  If
        so, list these downward references to support the Area
        Director in the Last Call procedure for them [RFC3967].

The document does not split its references.  All references in this
informative document are informative.

(1.i)  Has the Document Shepherd verified that the document's IANA
        Considerations section exists and is consistent with the body
        of the document?  If the document specifies protocol
        extensions, are reservations requested in appropriate IANA
        registries?  Are the IANA registries clearly identified?  If
        the document creates a new registry, does it define the
        proposed initial contents of the registry and an allocation
        procedure for future registrations?  Does it suggest a
        reasonable name for the new registry?  See [RFC2434].  If the
        document describes an Expert Review process, has the Document
        Shepherd conferred with the Responsible Area Director so that
        the IESG can appoint the needed Expert during IESG Evaluation?

The document shepherd has no IANA considerations.  Note that MD4 is
not listed in the IANA Hash Function Textual Name Registry (and we
should keep it that way).

(1.j)  Has the Document Shepherd verified that sections of the
        document that are written in a formal language, such as XML
        code, BNF rules, MIB definitions, etc., validate correctly in
        an automated checker?

There is no formal language in this document.

(1.k)  The IESG approval announcement includes a Document
        Announcement Write-Up.  Please provide such a Document
        Announcement Write-Up.  Recent examples can be found in the
        "Action" announcements for approved documents.  The approval
        announcement contains the following sections:

        Technical Summary

This document recommends the retirement of MD4 and discusses the
reasons for doing so.  This document lists the RFCs that specified the
use of MD4 and what impact moving MD4 to Historic on these RFCs.

        Working Group Summary

The discussion on the saag and cfrg mailing lists were mostly about
how to deprecate MD4 not whether to do it.  As a result of comments,
the draft was expanded to update the security considerations for MD4.

        Document Quality

Prominent reviewers are noted in the draft's acknowledgment section.

        Personnel

Sean Turner is the Document Shepherd.
Robert Spanks is the Responsible Area Director.
2010-10-26
11 Cindy Morgan Draft Added by Cindy Morgan in state Publication Requested
2010-10-25
07 (System) New version available: draft-turner-md4-to-historic-07.txt
2010-10-18
06 (System) New version available: draft-turner-md4-to-historic-06.txt
2010-09-27
05 (System) New version available: draft-turner-md4-to-historic-05.txt
2010-09-24
04 (System) New version available: draft-turner-md4-to-historic-04.txt
2010-08-26
03 (System) New version available: draft-turner-md4-to-historic-03.txt
2010-07-12
02 (System) New version available: draft-turner-md4-to-historic-02.txt
2010-07-06
01 (System) New version available: draft-turner-md4-to-historic-01.txt
2010-07-06
00 (System) New version available: draft-turner-md4-to-historic-00.txt