Re: Standardize RSA/SHA256 ?
Simon Josefsson <jas@extundo.com> Fri, 12 May 2006 09:58 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FeUPm-0002wk-QE for dnsext-archive@lists.ietf.org; Fri, 12 May 2006 05:58:30 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FeUPl-0000pn-9g for dnsext-archive@lists.ietf.org; Fri, 12 May 2006 05:58:30 -0400
Received: from majordom by psg.com with local (Exim 4.60 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1FeUN8-000EAa-V3 for namedroppers-data@psg.com; Fri, 12 May 2006 09:55:46 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO autolearn=ham version=3.1.1
Received: from [217.13.230.178] (helo=yxa.extundo.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.60 (FreeBSD)) (envelope-from <jas@extundo.com>) id 1FeUN4-000E9g-Ut for namedroppers@ops.ietf.org; Fri, 12 May 2006 09:55:43 +0000
Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k4C9t6sY006505 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 12 May 2006 11:55:07 +0200
From: Simon Josefsson <jas@extundo.com>
To: Jelte Jansen <jelte@NLnetLabs.nl>
Cc: namedroppers@ops.ietf.org
Subject: Re: Standardize RSA/SHA256 ?
References: <6.2.5.6.2.20060508094001.03182b80@ogud.com> <Pine.LNX.4.44.0605091629550.31070-100000@citation2.av8.net> <87vesecle7.fsf@latte.josefsson.org> <44644DBB.3080605@NLnetLabs.nl>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:060512:jelte@nlnetlabs.nl::QNiohHBTV4FDGlxb:7Mmc
X-Hashcash: 1:22:060512:namedroppers@ops.ietf.org::vuIN/3JhCGksX6A4:vdTG
Date: Fri, 12 May 2006 11:54:56 +0200
In-Reply-To: <44644DBB.3080605@NLnetLabs.nl> (Jelte Jansen's message of "Fri, 12 May 2006 10:56:27 +0200")
Message-ID: <871wuzbma7.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Jelte Jansen <jelte@NLnetLabs.nl> writes: >> >>> For the above reasons, I think that we have time to consider the >>> correct course of action. There is no need to rush into more >>> algorithms which require more code on nameservers and resolvers. >> >> Yes, or at least, we need to document a more compelling reason to do >> RSA-SHA-265. >> > > So why is this an issue for RSA/SHA256, and not for > draft-ietf-dnsext-ds-sha256-05.txt, which also makes SHA256 mandatory? I suppose it applies to both. Changing the RSA signature algorithm also begs the question: Do we want to move to RSA-PSS? See PKCS#1 2.1 in RFC 3447. I believe RFC 3447, and RSA Labs has encouraged a gradual shift from RSA-PKCS#1 1.5 to RSA-PSS for a few years now: http://www.rsasecurity.com/rsalabs/node.asp?id=2005 One advantage with RSA-PSS is that it is easier to analyse theoretically, and there are security proofs for it. One disadvantage is that RSA-PSS requires entropy during signing. > btw, both drafts don't deprecate SHA-1 but do assume that SHA256 is > stronger and contain text about downgrade attacks based on this assumption. Ólafur wrote: Q3: My personal opinion not speaking as a chair: If RSA/SHA256 is specified then RSA/SHA1 should be tagged as "Not recommended". /Simon -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- Standardize RSA/SHA256 ? Ólafur Guðmundsson /DNSEXT co-chair
- Re: Standardize RSA/SHA256 ? Simon Josefsson
- Re: Standardize RSA/SHA256 ? Jelte Jansen
- Re: Standardize RSA/SHA256 ? Ben Laurie
- Re: Standardize RSA/SHA256 ? Ólafur Guðmundsson /DNSEXT co-chair
- Re: Standardize RSA/SHA256 ? Ólafur Guðmundsson /DNSEXT co-chair
- RE: Standardize RSA/SHA256 ? Hallam-Baker, Phillip
- Re: Standardize RSA/SHA256 ? Wes Hardaker
- Re: Standardize RSA/SHA256 ? Russ Mundy
- Re: Standardize RSA/SHA256 ? Hilarie Orman