Re: [dane] hash truncated to 28 octets
Paul Wouters <paul@nohats.ca> Tue, 04 August 2015 07:50 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BE2A1A8911 for <dane@ietfa.amsl.com>; Tue, 4 Aug 2015 00:50:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yIvTtEmpuF07 for <dane@ietfa.amsl.com>; Tue, 4 Aug 2015 00:50:42 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E83F1A0276 for <dane@ietf.org>; Tue, 4 Aug 2015 00:50:42 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3mlpCy104vz3Mt; Tue, 4 Aug 2015 09:50:38 +0200 (CEST)
Authentication-Results: mx.nohats.ca; dkim=pass (1024-bit key) header.d=nohats.ca header.i=@nohats.ca header.b=XnW4qMeb
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id lD7w-9IxkzZc; Tue, 4 Aug 2015 09:50:37 +0200 (CEST)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 4 Aug 2015 09:50:37 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 6C58380042; Tue, 4 Aug 2015 03:50:36 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1438674636; bh=g4/ReULYuq6vjB/ikf7NojMx9JJo5nnWNATJ5R6ngTo=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=XnW4qMebeB3MY2gXnCLMmkASCc7OxVVsFW95Q2xJAVlMsxpKb5WJSO/RBRlECh9q6 0sLmgs03Fqulv8MYPt+i2CFMEls4DXRLGtPhxzsMPidauqvVJelX09FvDS4Cvwj4BX ew2jrQvfLKS0xMOpnuJ0j+YdBYqLRTVwJUZAb6ZA=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.15.1/8.15.1/Submit) with ESMTP id t747oWpe010910; Tue, 4 Aug 2015 03:50:36 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Tue, 04 Aug 2015 03:50:32 -0400
From: Paul Wouters <paul@nohats.ca>
To: Jiankang Yao <yaojk@cnnic.cn>
In-Reply-To: <2015080410094450139169@cnnic.cn>
Message-ID: <alpine.LFD.2.11.1508040347480.9978@bofh.nohats.ca>
References: <2015080410094450139169@cnnic.cn>
User-Agent: Alpine 2.11 (LFD 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="ISO-8859-15"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/m9jGUhAel8v6iDMRZDzmbdYViiY>
Cc: dane <dane@ietf.org>
Subject: Re: [dane] hash truncated to 28 octets
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2015 07:50:44 -0000
On Tue, 4 Aug 2015, Jiankang Yao wrote: > I just read this draft. Note we are changing that part of the draft to use another mechanism instead of hashing. > Question: > 1, why should it be hash truncated to 28 octets ? why choose 28 not other numbers? It was to match the length of the previous draft's sha224 version. That algorithm wasn't available on all platforms (eg Microsoft) so it was changed to sha256 but truncated. Truncation was to make the labels smaller and more managable. > 2,since some local-parts are longer than 28 octets, are there some collisions after hash truncated to 28 octets ? I think if you have 100.000 email addresses in one domain, the chance of collision would be pretty small. but non-zero. anyway, we will use base32 split encoding in the next version of the draft. Paul
- [dane] hash truncated to 28 octets Jiankang Yao
- Re: [dane] hash truncated to 28 octets Paul Wouters
- Re: [dane] hash truncated to 28 octets Hosnieh Rafiee
- Re: [dane] hash truncated to 28 octets Viktor Dukhovni
- Re: [dane] hash truncated to 28 octets Viktor Dukhovni