Re: [dane] Digest identifiers in -registry-acronyms-02

Richard Barnes <rlb@ipv.sx> Tue, 10 December 2013 22:18 UTC


Fair enough, I guess.  But all of these libraries already have algorithm
IDs for SHA256/SHA512, so some new convention is going to have to come for
SHA3/512.

I can just see the administrators saying "Damn, I forgot the '2' again!"


On Tue, Dec 10, 2013 at 4:34 PM, Olafur Gudmundsson <ogud@ogud.com> wrote:

>
> On Dec 10, 2013, at 4:29 PM, Richard Barnes <rlb@ipv.sx> wrote:
>
> > (Sorry if this has already been raised, but…)
> >
> > The digest identifiers in draft-ietf-dane-registry-acronyms-02 seem a
> > little silly, in that nobody else in the world really seems to care that
> > these are variants of SHA2.  The standard practice across many libraries is
> > to just use some variant of "SHA-XXX", where XXX=256,384,512.
> >
>
> Richard,
>
> First version had this but a comment was made that we could have both
> SHA2 and SHA3 in 512 bit variant thus the recommendation
> was to future proof us.
>
> > OpenSSL: shaXXX
> > WebCrypto: SHA-XXX
> > BouncyCastle: SHAXXXDigest
> > CNG: BCRYPT_SHAXXX_ALGORITHM
> > PKCS#11: CKM_SHAXXX
> >
> > So I would suggest we just change these to "SHA-256" and "SHA-512".
>
> Unless the chairs tell me to make the change it will not be made,
> feel free to bring this up in the IETF LC if you think this is important.
>
>         Olafur
>
> >
> > --Richard