Hash BOF review

From: EKR
Subject: Review of HASH BoF
Date: 20050802

Background:
In the past year, we've seen successful attacks on MD5 and SHA-1.
I won't bore you with the details, but it's made people start
to think about what we can do to deal with this. The Hash BOF
was intended to explore this space.

There are a number of potential things IETF could do:

1. Design a new hash algorithm.
2. State requirements for new hash algorithms.
3. Standardize some set of countermeasures for using existing
   hash functions more safely (randomized hashing, preprocessing,
   etc.)
4. Go through all the IETF protocols and figure out where we
   need to change hash functions. (The attacks don't destroy
   all uses of hashes)
5. Go through the major IETF protocols and figure out transition
   strategies.

There was consensus that (1) was a bad idea and some enthusiasm 
for 2,3, and 5. Not so much for 4. The BOF didn't finish with any real 
consensus on what to do.

My personal view is that we don't understand the solution space
well enough to standardize countermeasures at this point.
The IRTF is working on a draft that will probably eventually
represent the consensus of the crypto community, but we're
not there yet. Going through the protocols, where they're vulnerable,
and figuring out transition strategies seems very important, as
does requirements.