[COSE] Benjamin Kaduk's No Objection on draft-ietf-cose-hash-algs-06: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Sat, 11 July 2020 01:06 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: cose@ietf.org
Delivered-To: cose@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 982A33A09A5; Fri, 10 Jul 2020 18:06:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-cose-hash-algs@ietf.org, cose-chairs@ietf.org, cose@ietf.org, Ivaylo Petrov <ivaylo@ackl.io>, ivaylo@ackl.io
X-Test-IDTracker: no
X-IETF-IDTracker: 7.7.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <159442956559.24063.13675507837676989872@ietfa.amsl.com>
Date: Fri, 10 Jul 2020 18:06:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/5nboTxPNquDthYp1Ifa9-ie5CSg>
Subject: [COSE] Benjamin Kaduk's No Objection on draft-ietf-cose-hash-algs-06: (with COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2020 01:06:06 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-cose-hash-algs-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for the past and pending updates to address my Discuss point. A few new comments on the -06: Section 2 attacks, SHOULD NOT be used for a cryptographic purpose. The discovery of theoretical collision attacks against a given hash function SHOULD trigger a review of the continued suitability of the algorithm if alternatives are available and migration is viable. The It's not really clear who this SHOULD is binding upon. An example of a non-cryptographic use of a hash is for filtering from a collection of values to find a set of possible candidates, the candidates can then be check to see if they can successfully be used. This turned into a comma splice; I'd just make it use a semicolon (and independently do s/check/checked/) Section 3.1 this hash algorithm. Some of these situations are with historic HSMs where only SHA-1 is implemented, other situations are where the SHA-1 value is used for the purpose of filtering and thus the collision resistance property is not needed. nit: comma splice The COSE capabilities for these algorithms is an empty array. This went from "this algorithm" to "these algorithms" in the -05, but I missed why -- it's just the one SHA-1 algorithm, I thought. Section 3.2 * *SHA-256/64* provides a truncated hash. The length of the truncation is designed to allow for smaller transmission size. The trade-off is that the odds that a collision will occur increase proportionally. Use of this hash function needs analyze of the potential problems with having a collision occur, or must be limited to where the function of the hash is non-cryptographic. With the rest of the rewording, we have to go back to "analysis" from "analyze". (Sorry!) Section 3.3 The SHA-3 hash algorithms have a significantly different structure than the SHA-2 hash algorithms. One of the benefits of this difference is that when computing a shorter SHAKE hash value, the value is not a prefix of the result of computing the longer hash. (This last sentence is scheduled for removal.)
- [COSE] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk via Datatracker
- Re: [COSE] Benjamin Kaduk's No Objection on draft… Murray S. Kucherawy
- Re: [COSE] Benjamin Kaduk's No Objection on draft… Benjamin Kaduk