New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Digest Headers: what about the other algorithms? #828
Comments
@phluid61 thanks for your question! I really appreciate some guidance here! What should we put there instead of Here's the rationale for the current choice:
This draft:
Thanks for your time! |
I'm pretty sure those RFCs predate standardised registration, so it's definitely going to be a mess. I think you could mark ADLER32 as 'obsoleted' (see: https://tools.ietf.org/html/rfc4460#section-2.38 ) I think the references in the registry are still the most relevant. CRC32c is 'standard', as far as I can see. |
WDYT of adding a subsection to section 9 - "Obsolete ADLER32 Digest Algorithm" that cites Stream Control Transmission Protocol (SCTP) Checksum Change https://tools.ietf.org/html/rfc3309 |
Ok for me. Do you agree to leave this to |
Please keep -00 as close to the draft we adopted as possible. |
Seems that ADLER32 is still used by various projects, like dcache.org, for a weak form of validation. @paulmillar is mentioned in the IANA table too :) Can you share your view on the subject? |
ADLER32 and CRC32c are well-defined, standardised, algorithms. But there is no spec specifically registering them for use in the HTTP Digest header. My judgement at the time (as the designated expert for that IANA table of HTTP Digest Algs) was that it was sufficient for the algorithms to have specs, without demanding an extra spec just to added them to the table. ADLER32 was added (despite its limitations for short messages described in RFC3309 "SCTP Checksum Change") as it was widely used in FTP, which HTTP was replacing in many situations. As for the new "Status" column ... ADLER32 is deprecated in SCTP, but presumably still widely used in ZLIB. So for the HTTP Digest table ... uhmm ... "obsolete" or "standard" (or "informational"?) is probably fine. I suggest adding ADLER32 and CRC32c to draft-ietf-httpbis-digest-headers. That tidies up the registration. |
Thanks @manger. I thought to two possibilities:
@reschke who can provide some guidance on that? |
@ioggstream From a quick read through the document, it seems this document assumes the reason for requesting a checksum is to verify the image has not been modified by a potentially hostile agent. For this use-case, using a non-crypto hash (e.g., ALDER32) or a crypto hash that has been broken (such as MD5) is (very likely) a bad choice. However, there are potentially other use-cases for requesting a hash. One such example is when a file has been transferred and (soon after) the user/client wishes to verify the integrity of the transfer against accidental (i.e. non-malicious) corruption. In such cases, a non-cryptographically strong algorithm may be acceptable. The other (related) scenario is where the only known-good value for a file's hash was calculated using an algorithm that is either not intended to be crypto-strong (e.g., ADLER32), or using an algorithm that has been compromised (e.g., MD5). Under these circumstances, the client may wish to know the remote content's hash using such algorithms, as it provides at least some measure of protection. My suggestion would be something along the lines of ...
The onus is on the client to decide which algorithms are appropriate for their use-case. This isn't dictated by the document (and will likely change over time, anyway, as more hash algorithms are broken). |
@paulmillar thanks for your feedback! What do you think of this PR? #877
As the number of messages grow, chance or purpose may not change that much :)
We decided not to support broken crypto algorithms. If you don't need
While the receiver (either client or server) may even ignore |
Hi @ioggstream
I've commented on the PR directly, but (in summary) the PR looks OK as-is, but I wondered if it would be helpful to split the behaviour of the agent generating the insecure hash from the behaviour of the recipient. (see PR for a concrete suggestion).
There's an additional consideration: number of bits. ADLER32 and CRC32 are both 32-bit algorithms. When dealing with large volumes of data there's an increased risk of non-malicious corruption that (by chance) a 32-bit algorithm fails to detect. There is some interest in using MD5 not for its (broken) cryptographic behaviour, but simply because a hash has 128-bits. |
Thanks!
We deeply discussed MD5 in #867 Feel free to add your comments there - though the decision was taken we are still in draft. |
Obsolete ADLER-32 but don't forbid it. It's now NOT RECOMMENDED #828
Update CRC32C value in iana table. Related to: #828.
@phluid61 @LPardue Addressed via
Can we close? |
@phluid61 great! |
ADLER32 and CRC32c are in the registry, but not mentioned in the text (although they are covered by this blanket statement)
Is it ok to gloss them this way?
The text was updated successfully, but these errors were encountered: