Re: [Anima-bootstrap] [Spasm] SHA1 usage in Anima-bootstrap voucher yang

Russ Housley <housley@vigilsec.com> Mon, 06 March 2017 15:54 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/edbAcBB7AyonP2kWg8RGh6Vrh2k>
Cc: SPASM <SPASM@ietf.org>, anima-bootstrap <anima-bootstrap@ietf.org>

Michael:

> Russ Housley <housley@vigilsec.com> wrote:
>> I’m sure you know that there are three important properties for hash
>> functions.  They are:
> 
> Yes.
> 
>> In the system you describe, it seems that an attacker would need to
>> find a preimage.  For SHA-1, we do not know of a way to do that yet,
>> but the 160-bit hash value produced by SHA-1 is probably not big enough
>> to be considered safe in today's computing environment.
> 
>> It seems very odd to be developing a new standard that is using a hash
>> function that was deprecated at the end of 2010 by NIST.
> 
>> My personal recommendation would be to move from SHA-1 to SHA-256.
> 
> Yes, I agree completely.
> 
> What I'm asking for, is if there is a good, well-established container that
> we can reference, that essentially gives us the agility to move from SHA1 to
> SHA256, and to SHA3 if we have to.
> 
> Alternatively, for the use case involved, which is to refer to a certificate
> by reference-to-CA + reference-to-DN, if there is some other construct that
> would better do what we want, and *also* provide us with the agility we would
> like.
> 
> (Some ownership vouchers may sit in filing cabinets for a few decades in
> a warehouse somewhere)


As Sean said, RFC 7093 gives ways that the CA can compute the Subject Key Identifier, and the CA can migrate from SHA-256 if needed in the future.

Russ
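
Added example, not part of the original message: a sketch of RFC 7093 methods 1 to 3 (leftmost 160 bits of SHA-256, SHA-384 or SHA-512 over the subjectPublicKey BIT STRING value) next to the RFC 5280 SHA-1 method, plus a check that reports which method produced a stored key identifier. The function names, method labels and the sample key bytes are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample: Ed25519 SubjectPublicKeyInfo with placeholder key bytes 00..1f.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))

# Label -> (hash name, octets kept). Labels are this example's own naming.
METHODS = {
    "rfc5280-sha1": ("sha1", 20),    # legacy method the thread wants to leave
    "rfc7093-1": ("sha256", 20),
    "rfc7093-2": ("sha384", 20),
    "rfc7093-3": ("sha512", 20),
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def public_key_bits(spki):
    """subjectPublicKey BIT STRING value without tag, length and unused-bits octet."""
    tag, body, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, _algorithm, nxt = read_tlv(body)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, bits, _ = read_tlv(body, nxt)
    if tag != 0x03 or not bits:
        raise ValueError("missing subjectPublicKey BIT STRING")
    return bits[1:]

def ski(spki, method):
    """Compute the Subject Key Identifier for the given method label."""
    name, size = METHODS[method]
    return hashlib.new(name, public_key_bits(spki)).digest()[:size]

def identify_method(spki, stored_id):
    """Return the method label that reproduces stored_id, or None."""
    for method in METHODS:
        if ski(spki, method) == stored_id:
            return method
    return None
```

All four methods yield a 20-octet identifier, so a party that only compares the stored bytes with the certificate's Subject Key Identifier needs no change when the CA switches hash; identify_method is useful for auditing which stored identifiers still derive from SHA-1.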