Re: [dane] Digest identifiers in -registry-acronyms-02
mrex@sap.com (Martin Rex) Wed, 11 December 2013 00:05 UTC
Return-Path: <mrex@sap.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C87F91AE2DC for <dane@ietfa.amsl.com>; Tue, 10 Dec 2013 16:05:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6wn5v9XC1CZa for <dane@ietfa.amsl.com>; Tue, 10 Dec 2013 16:05:25 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 06A7B1AE2D2 for <dane@ietf.org>; Tue, 10 Dec 2013 16:05:24 -0800 (PST)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id rBB05IW8012723 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 11 Dec 2013 01:05:18 +0100 (MET)
In-Reply-To: <CAL02cgSf03cNW6U89jQKrqXB9bQRRCYx+engEkR1ksi4RH6ysg@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Date: Wed, 11 Dec 2013 01:05:18 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20131211000518.1F78E1AB45@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "dane@ietf.org" <dane@ietf.org>
Subject: Re: [dane] Digest identifiers in -registry-acronyms-02
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2013 00:05:28 -0000
Richard Barnes wrote: > > The digest identifiers in draft-ietf-dane-registry-acronyms-02 seem a > little silly, in that nobody else in the world really seems to care that > these are variants of SHA2. The standard practice across many libraries is > to just use some variant of "SHA-XXX", where XXX=256,384,512. while sha224, sha256, sha384 and sha512 are members of the SHA2-Family, they're not all the same algorithm, they use two seperate algorithms. sha256 + sha224 use the same 32-bit algorithm (different internal start value, output truncation for sha224) http://tools.ietf.org/html/rfc6234#section-5.1 sha512 + sha384 use the same 64-bit algorithm (different internal start value, output truncation for sha384) http://tools.ietf.org/html/rfc6234#section-5.2 > > So I would suggest we just change these to "SHA-256" and "SHA-512". In theory, reusing (or copying) an existing IANA registry would be preferable to inventing yet another different variant. Unfortunately, it seems that all variants already exist... TLS: http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 0 none Y [RFC5246] 1 md5 Y [RFC5246] 2 sha1 Y [RFC5246] 3 sha224 Y [RFC5246] 4 sha256 Y [RFC5246] 5 sha384 Y [RFC5246] 6 sha512 Y [RFC5246] PKIX/CMS: http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml "md2" 1.2.840.113549.2.2 [RFC3279] "md5" 1.2.840.113549.2.5 [RFC3279] "sha-1" 1.3.14.3.2.26 [RFC3279] "sha-224" 2.16.840.1.101.3.4.2.4 [RFC4055] "sha-256" 2.16.840.1.101.3.4.2.1 [RFC4055] "sha-384" 2.16.840.1.101.3.4.2.2 [RFC4055] "sha-512" 2.16.840.1.101.3.4.2.3 [RFC4055] IPSEC: http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-6 1 MD5 [RFC1321] 2 SHA [NIST, FIPS PUB 180-1: Secure Hash Standard, April 1995.] 3 Tiger [Anderson, R., and Biham, E., "Fast Software Encryption", Springer LNCS v. 1039, 1996.] 4 SHA2-256 [Marcus_Leech][RFC4868] 5 SHA2-384 [Marcus_Leech][RFC4868] 6 SHA2-512 [Marcus_Leech][RFC4868] DKIM: http://www.iana.org/assignments/dkim-parameters/dkim-parameters.xhtml#dkim-parameters-7 sha1 [FIPS-180-3-2008] active sha256 [FIPS-180-3-2008] active DNSSEC/NSEC3: http://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml#dnssec-nsec3-parameters-3 0 Reserved [RFC5155] 1 SHA-1 [RFC5155] DNSSEC: http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1 Number Description Mnemonic 5 RSA/SHA-1 RSASHA1 Y Y [RFC3110][RFC4034] 6 DSA-NSEC3-SHA1 DSA-NSEC3-SHA1 Y Y [RFC5155][proposed standard] 8 RSA/SHA-256 RSASHA256 Y * [RFC5702][proposed standard] 9 Reserved [RFC6725] 10 RSA/SHA-512 RSASHA512 Y * [RFC5702][proposed standard] RFC 4634 / 6234 http://tools.ietf.org/html/rfc6234#page-3 4.1. SHA-224 and SHA-256 4.2. SHA-384 and SHA-512 -Martin
- [dane] Digest identifiers in -registry-acronyms-02 Richard Barnes
- Re: [dane] Digest identifiers in -registry-acrony… Olafur Gudmundsson
- Re: [dane] Digest identifiers in -registry-acrony… Richard Barnes
- Re: [dane] Digest identifiers in -registry-acrony… Viktor Dukhovni
- Re: [dane] Digest identifiers in -registry-acrony… Martin Rex
- Re: [dane] Digest identifiers in -registry-acrony… Paul Wouters