RFC relevance of standards

As per Relevance of the word standards, we have this rfc below:

Network Working Group A.
Request for Comments: 2857 University of
Category: Standards Track N.
Center for Information Technology
June 2000

The Use of HMAC-RIPEMD-160-96 within ESP and

Status of this

This document specifies an Internet standards track protocol for
Internet community, and requests discussion and suggestions
improvements. Please refer to the current edition of the "
Official Protocol Standards" (STD 1) for the standardization
and status of this protocol. Distribution of this memo is unlimited

Copyright

Copyright (C) The Internet Society (2000). All Rights Reserved

This memo describes the use of the HMAC algorithm [RFC 2104]
conjunction with the RIPEMD-160 algorithm [RIPEMD-160] as
authentication mechanism within the revised IPSEC
Security Payload [ESP] and the revised IPSEC Authentication
[AH]. HMAC with RIPEMD-160 provides data origin authentication
integrity protection

Further information on the other components necessary for ESP and
implementations is provided by [Thayer97a].

1.

This memo specifies the use of RIPEMD-160 [RIPEMD-160] combined
HMAC [RFC 2104] as a keyed authentication mechanism within
context of the Encapsulating Security Payload and the
Header. The goal of HMAC-RIPEMD-160-96 is to ensure that the
is authentic and cannot be modified in transit

HMAC is a secret key authentication algorithm. Data integrity
data origin authentication as provided by HMAC are dependent upon
scope of the distribution of the secret key. If only the source
destination know the HMAC key, this provides both data
authentication and data integrity for packets sent between the
parties; if the HMAC is correct, this proves that it must have
added by the source

Keromytis & Provos Standards Track [Page 1]

RFC 2857 HMAC-RIPEMD-160-96 within ESP and AH June 2000

In this memo, HMAC-RIPEMD-160-96 is used within the context of
and AH. For further information on how the various pieces of ESP -
including the confidentiality mechanism -- fit together to
security services, refer to [ESP] and [Thayer97a]. For
information on AH, refer to [AH] and [Thayer97a].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
document are to be interpreted as described in [RFC 2119].

2. Algorithm and

[RIPEMD-160] describes the underlying RIPEMD-160 algorithm,
[RFC 2104] describes the HMAC algorithm. The HMAC algorithm
a framework for inserting various hashing algorithms such as RIPEMD
160.

HMAC-RIPEMD-160-96 operates on 64-byte blocks of data.
requirements are specified in [RIPEMD-160] and are part of
RIPEMD-160 algorithm. Padding bits are only necessary in
the HMAC-RIPEMD-160 authenticator value and MUST NOT be included
the packet

HMAC-RIPEMD-160-96 produces a 160-bit authenticator value.
160-bit value can be truncated as described in RFC2104. For use
either ESP or AH, a truncated value using the first 96 bits MUST
supported. Upon sending, the truncated value is stored within
authenticator field. Upon receipt, the entire 160-bit value
computed and the first 96 bits are compared to the value stored
the authenticator field. No other authenticator value lengths
supported by HMAC-RIPEMD-160-96.

The length of 96 bits was selected because it is the
authenticator length as specified in [AH] and meets the
requirements described in [RFC 2104].

2.1

[Bellare96a] states that "(HMAC) performance is essentially that
the underlying hash function". [RIPEMD-160] provides
performance analysis. As of this writing no detailed
analysis has been done of HMAC or HMAC combined with RIPEMD-160.

[RFC 2104] outlines an implementation modification which can
per-packet performance without affecting interoperability

Keromytis & Provos Standards Track [Page 2]

RFC 2857 HMAC-RIPEMD-160-96 within ESP and AH June 2000

3. Keying

HMAC-RIPEMD-160-96 is a secret key algorithm. While no fixed
length is specified in [RFC 2104], for use with either ESP or AH
fixed key length of 160-bits MUST be supported. Key lengths
than 160-bits SHALL NOT be supported. A key length of 160-bits
chosen based on the recommendations in [RFC 2104] (i.e. key
less than the authenticator length decrease security strength
keys longer than the authenticator length do not
increase security strength).

[RFC 2104] discusses requirements for key material, which includes
discussion on requirements for strong randomness. A strong pseudo
random function MUST be used to generate the required 160-bit key
Implementors should refer to RFC 1750 for guidance on
requirements for such functions

At the time of this writing there are no specified weak keys for
with HMAC. This does not mean to imply that weak keys do not exist
If, at some point, a set of weak keys for HMAC are identified,
use of these weak keys must be rejected followed by a request
replacement keys or a newly negotiated Security Association

[ESP] describes the general mechanism to obtain keying material
the ESP transform. The derivation of the key from some amount
keying material does not differ between the manual and automatic
management mechanisms

In order to provide data origin authentication, the key
mechanism must ensure that unique keys are allocated and that
are distributed only to the parties participating in
communication

[RFC 2104] states that for "minimally reasonable hash functions"
"birthday attack" is impractical. For a 64-byte block hash such
HMAC-RIPEMD-160-96, an attack involving the successful processing
2**64 blocks would be infeasible unless it were discovered that
underlying hash had collisions after processing 2**30 blocks. (
hash with such weak collision-resistance characteristics
generally be considered to be unusable.) No time-based attacks
discussed in the document

While it it still cryptographically prudent to perform
rekeying, current literature does not include any recommended
lifetimes for HMAC-RIPEMD. When recommendations for HMAC-RIPEMD
lifetimes become available they will be included in a revised
of this document

Keromytis & Provos Standards Track [Page 3]

RFC 2857 HMAC-RIPEMD-160-96 within ESP and AH June 2000

4. Interaction with the ESP Cipher

As of this writing, there are no known issues which preclude the
of the HMAC-RIPEMD-160-96 algorithm with any specific
algorithm

5. Security

The security provided by HMAC-RIPEMD-160-96 is based upon
strength of HMAC, and to a lesser degree, the strength of RIPEMD-160.
At the time of this writing there are no known
cryptographic attacks against RIPEMD-160.

It is also important to consider that while RIPEMD-160 was
developed to be used as a keyed hash algorithm, HMAC had
criteria from the onset

[RFC 2104] also discusses the potential additional security which
provided by the truncation of the resulting hash.
which include HMAC are strongly encouraged to perform this
truncation

As [RFC 2104] provides a framework for incorporating various
algorithms with HMAC, it is possible to replace RIPEMD-160 with
algorithms such as SHA-1. [RFC 2104] contains a detailed
on the strengths and weaknesses of HMAC algorithms

As is true with any cryptographic algorithm, part of its
lies in the correctness of the algorithm implementation, the
of the key management mechanism and its implementation, the
of the associated secret key, and upon the correctness of
implementation in all of the participating systems. [Kapp97]
contains test vectors and example code to assist in verifying
correctness of HMAC-RIPEMD-160-96 code

6.

This document is derived from work by C. Madson and R. Glenn and
previous works by Jim Hughes, those people that worked with Jim
the combined DES/CBC+HMAC-MD5 ESP transforms, the ANX
participants, and the members of the IPsec working group

7.

[RIPEMD-160] 3.ISO/IEC 10118-3:1998, "Information technology -
Security techniques - Hash-functions - Part 3:
Dedicated hash-functions," International
for Standardization, Geneva, Switzerland, 1998.

Keromytis & Provos Standards Track [Page 4]

RFC 2857 HMAC-RIPEMD-160-96 within ESP and AH June 2000

[RFC 2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC
Keyed-Hashing for Message Authentication", RFC 2104,
September, 1997.

[Bellare96a] Bellare, M., Canetti, R., Krawczyk, H., "Keying
Functions for Message Authentication", Advances
Cryptography, Crypto96 Proceeding, June 1996.

[ESP] Kent, S. and R. Atkinson, "IP Encapsulating
Payload (ESP)", RFC 2406, November 1998.

[AH] Kent, S. and R. Atkinson, "IP Authentication Header",
RFC 2402, November 1998.

[Thayer97a] Thayer, R., Doraswamy, N. and R. Glenn, "IP
Document Roadmap", RFC 2411, November 1998.

[Kapp97] Kapp, J., "Test Cases for HMAC-RIPEMD160 and HMAC
RIPEMD128", RFC 2286, March 1998.

[RFC 1750] Eastlake 3rd, D., Crocker, S. and J. Schiller
"Randomness Recommendations for Security", RFC 1750,
December 1994.

[RFC 2119] Bradner, S., "Key words for use in RFCs to
Requirement Levels", BCP 14, RFC 2119, March 1997.

8. Authors'

Angelos D.
Distributed Systems
Computer and Information Science
University of
200 S. 33rd
Philadelphia, PA 19104 - 6389

EMail: angelos@dsl.cis.upenn.

Niels
Center for Information Technology
University of
519 W.
Ann Arbor, Michigan 48103

EMail: provos@citi.umich.

Keromytis & Provos Standards Track [Page 5]

RFC 2857 HMAC-RIPEMD-160-96 within ESP and AH June 2000

The IPsec working group can be contacted through the chairs

Robert
International Computer Security

EMail: rgm@icsa.

Ted T'
VA Linux

EMail: tytso@valinux.

Keromytis & Provos Standards Track [Page 6]

RFC 2857 HMAC-RIPEMD-160-96 within ESP and AH June 2000

9. Full Copyright

Copyright (C) The Internet Society (2000). All Rights Reserved

This document and translations of it may be copied and furnished
others, and derivative works that comment on or otherwise explain
or assist in its implementation may be prepared, copied,
and distributed, in whole or in part, without restriction of
kind, provided that the above copyright notice and this paragraph
included on all such copies and derivative works. However,
document itself may not be modified in any way, such as by
the copyright notice or references to the Internet Society or
Internet organizations, except as needed for the purpose
developing Internet standards in which case the procedures
copyrights defined in the Internet Standards process must
followed, or as required to translate it into languages other
English

The limited permissions granted above are perpetual and will not
revoked by the Internet Society or its successors or assigns

This document and the information contained herein is provided on
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE

Funding for the RFC Editor function is currently provided by
Internet Society

Keromytis & Provos Standards Track [Page 7]

if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.

RFC documents can be found at I.E.T.F.

Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX