RE: [Hash] BOF Goals

Paul Hoffman <> Thu, 21 July 2005 15:42 UTC

Received: from localhost.localdomain ([] by with esmtp (Exim 4.32) id 1DvdBs-00032x-42; Thu, 21 Jul 2005 11:42:28 -0400
Received: from ([] by with esmtp (Exim 4.32) id 1DvdBr-00030W-8o for; Thu, 21 Jul 2005 11:42:27 -0400
Received: from (ietf-mx []) by (8.9.1a/8.9.1a) with ESMTP id LAA10938 for <>; Thu, 21 Jul 2005 11:42:25 -0400 (EDT)
Received: from ([]) by with esmtp (Exim 4.43) id 1Dvdfu-0008Qt-2T for; Thu, 21 Jul 2005 12:13:31 -0400
Received: from [] ( []) (authenticated bits=0) by (8.12.11/8.12.9) with ESMTP id j6LFgG7V073500; Thu, 21 Jul 2005 08:42:17 -0700 (PDT) (envelope-from
Mime-Version: 1.0
Message-Id: <p06230965bf05705151aa@[]>
In-Reply-To: <>
References: <>
Date: Thu, 21 Jul 2005 08:42:16 -0700
To: Robert Zuccherato <>, 'Jon Callas' <>
From: Paul Hoffman <>
Subject: RE: [Hash] BOF Goals
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
X-Mailman-Version: 2.1.5
Precedence: list
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

At 10:05 AM -0400 7/21/05, Robert Zuccherato wrote:
>Given that many (most?) applications can simply switch to using RSA 
>with SHA-256 and that we have to wait for NIST on DSA anyway, I 
>don't think that there is any need to rush into anything.

Fully agree. I don't think anything in the charter has "rush" implied in it.

>Clearly there is important work to be done.  As Jon said though, 
>that work should probably be done in the IRTF rather than the IETF.

If the research is already being done in the cryptographic community, 
then it is fine to report on that research as input to an IETF 
Working Group. We do this all the time in other IETF contexts, such 
as commercial and academic research being done on real-time 
applications having an effect in the various SIP-related working 
groups. Lots of crypto research appears in other Security area 
working groups, of course.

If the research is *not* being done yet, it is far from clear if we 
could get it to happen in an IRTF research group, particularly 
because the perceived need for the research is low. The CFRG has not 
produced much in the way of crypto research. In fact, the only active 
CFRG Internet Draft is the one we are talking about here in this WG.

--Paul Hoffman, Director
--VPN Consortium

Hash mailing list