Re: [babel] Blake2S, blake2B or neither? [was: rather than ripemd160...]

Toke Høiland-Jørgensen <toke@toke.dk> Fri, 30 November 2018 13:23 UTC

Return-Path: <toke@toke.dk>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DACC1292AD for <babel@ietfa.amsl.com>; Fri, 30 Nov 2018 05:23:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GtHx1Xe971Hf for <babel@ietfa.amsl.com>; Fri, 30 Nov 2018 05:23:34 -0800 (PST)
Received: from mail.toke.dk (mail.toke.dk [52.28.52.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDB71127333 for <babel@ietf.org>; Fri, 30 Nov 2018 05:23:33 -0800 (PST)
From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1543584166; bh=UK0z5kc+1Hj/OQBnFx1GjMMGrEVfwYC6rvku7AKhH2U=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=b0XgvlWqaC+2Mz9B3SsYXxQS5k+5aMNvIU0tdR2O3Dqvk/FygZ25R9brr1PsmGxoo cwycPdPfuiEejV+mgSQdutSP8VKkWxQNY95uS0jRl5WwUtuE8cfeyo5A2eXRN8Wsr6 8w6lirt5nzTGXj1KY5knI547epX9eenmg7MOQPUpkp3eJ0mZu5fmfwCmJabJye2+Wj VxxH9eFBL7ai2bqBKO2jHh7SYhwvbzoShXgL397SdsWpvRdt0Zco7mc2Em2206BxQt v3A9BhqSjv31erdMwzJEJw6Z6ffraAtcdX/ZH0yF9G0k8rt44nc5QPWhE7tBJtpZUI 9euh9nskezz+g==
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Markus Stenberg <markus.stenberg@iki.fi>, Dave =?utf-8?Q?T=C3=A4ht?= <dave@taht.net>, babel-users <babel-users@lists.alioth.debian.org>, babel@ietf.org
In-Reply-To: <87in0e6c6v.wl-jch@irif.fr>
References: <CAA93jw5fHRm21yEJsabiiOF1ZP7Zh3M_gEgRo0imBOpRGhf0qA@mail.gmail.com> <87in0koun6.wl-jch@irif.fr> <87in0kx98o.fsf@toke.dk> <CAA93jw5gaYgyUX-ABX156_TnFX25Sy5SLyuRgd28fMLfRW4UHA@mail.gmail.com> <871s78x7z0.fsf@toke.dk> <2D09D61DDFA73D4C884805CC7865E6114DF44154@GAALPA1MSGUSRBF.ITServices.sbc.com> <87pnurwo5e.fsf@toke.dk> <CAPDSy+5QDu_kW-f=JWO1cPJJnDwDNpVwxwVC9SxfcE5+EOMpRg@mail.gmail.com> <87o9a9v3c6.fsf@toke.dk> <875zwhxv28.wl-jch@irif.fr> <8736rl16yj.fsf@taht.net> <87lg5cxuql.fsf@taht.net> <1C6B19AE-EAA7-4329-A364-8E4C059DAC01@iki.fi> <87woouq24j.fsf@toke.dk> <87in0e6c6v.wl-jch@irif.fr>
Date: Fri, 30 Nov 2018 14:22:44 +0100
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <87o9a6pumz.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/LZl7ybcKkCaWihD5mB8B71Xszyk>
Subject: Re: [babel] Blake2S, blake2B or neither? [was: rather than ripemd160...]
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 13:23:36 -0000

Juliusz Chroboczek <jch@irif.fr> writes:

>>> With these numbers, I withdraw my support of including anything else
>>> than SHA256 as MTI. I think specifying Blake2B or 2S as well makes
>>> sense (mostly for crypto robustness reasons for having alternative
>>> that is specified) but making it MAY-SHOULD seems sensible to me.
>
>> I can probably live with that :)
>
> Excellent, it looks like we're converging.  Thanks to both of you for the
> informative and kind discussion.
>
> At this stage, I see four possibilities:
>
>   (1) leave the document as it is;
>   (2) add a mention that implementation of Blake2S is RECOMMENDED (SHOULD);
>   (3) add a mention that implementation of Blake2B is RECOMMENDED;
>   (4) add a mention that implementation of both 2B and 2S is RECOMMENDED.
>
> I am in favour of (1), since I am convinced that SHA256 is fast enough for
> all reasonable devices.  (2) makes sense to me, and I won't oppose it.
> I'll need some convincing in order to do (3) or (4), since Blake2B does
> not appear bring any significant speed advantage over SHA256.

I'm in favour of (2).

> In either case, I'm planning to implement SHA256, Blake2B and Blake2S in
> the reference implementation.

Cool. I'll do the same in Bird, then :)

-Toke