[Hash] Charter discussion, round 2

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 26 June 2005 16:16 UTC

Received: from localhost.localdomain ([] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DmZnh-00014A-6s; Sun, 26 Jun 2005 12:16:05 -0400
Received: from odin.ietf.org ([] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DmZnf-00013b-EC for hash@megatron.ietf.org; Sun, 26 Jun 2005 12:16:03 -0400
Received: from ietf-mx.ietf.org (ietf-mx []) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA15928 for <hash@ietf.org>; Sun, 26 Jun 2005 12:16:00 -0400 (EDT)
Received: from above.proper.com ([]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DmaCd-00041G-P7 for hash@ietf.org; Sun, 26 Jun 2005 12:41:52 -0400
Received: from [] (dsl2-63-249-92-231.cruzio.com []) (authenticated bits=0) by above.proper.com (8.12.11/8.12.9) with ESMTP id j5QGFu8I019084 for <hash@ietf.org>; Sun, 26 Jun 2005 09:15:57 -0700 (PDT) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06230916bee483a83198@[]>
Date: Sun, 26 Jun 2005 09:15:43 -0700
To: Hash BOF <hash@ietf.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cf3becbbd6d1a45acbe2ffd4ab88bdc2
Subject: [Hash] Charter discussion, round 2
X-BeenThere: hash@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: hash.lists.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hash>, <mailto:hash-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hash>
List-Post: <mailto:hash@lists.ietf.org>
List-Help: <mailto:hash-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hash>, <mailto:hash-request@lists.ietf.org?subject=subscribe>
Sender: hash-bounces@lists.ietf.org
Errors-To: hash-bounces@lists.ietf.org

Greetings again. Thank you to everyone who helped with the first 
round. My take is that people don't see much need to segregate the 
truncation/salting discussion from the meatier requirements 
discussion. Also, looking at the mailing list, we are already seeing 
a reasonable level of subscription from some well-known names in the 
cryptography community.

Given that, I would like to propose a similar-but-different charter 
that gets us started on the more significant issues earlier. Please 
comment on the list whether you think the text is or is not 
reasonable, the goals are or are not achievable, and the timeline is 
or is not sensible.

--Paul Hoffman, Director
--VPN Consortium

One-way Hash Function BoF (hash)

Security Area Director:
      Sam Hartman <hartmans-ietf@mit.edu>;
      Russ Housley <housley@vigilsec.com>;

Security Area Advisor:
      Russ Housley <housley@vigilsec.com>;

Mailing Lists:
      General Discussion: hash@ietf.org
      To Subscribe:       https://www1.ietf.org/mailman/listinfo/hash
      Archive:            http://www.ietf.org/mail-archive/web/hash/index.html

Description of Proposed Working Group:

Recently, a team of researchers reported that the SHA-1 one-way hash
function offers significantly less collision resistance than could be
expected from a cryptographic hash function with an output of 160 bits.
This result has inspired significant research activities in government
and academia.  Additional information regarding the security of current
one-way hash functions, as well as proposals for new one-way hash
functions, are expected.  The proposed working group responds to the
current state of research in this area.  However, additional research is
likely to provide new insights as the working group progresses.

A two-phase approach is envisioned.  The second phase will be pursued by
revising the charter, only after the first phase is finished and if it
is clear that the international cryptographic community is actively
participating in the working group.

The first phase will consist of two main areas of work: setting
requirements for the use of one-way hash functions in IETF protocols,
and describing ways to make current hash functions more robust. These
two work items can be done in parallel.

The working group will consider the suitability of one-way hash
functions for use with IETF protocols.  These requirements will be
published as one or more BCP documents which specify the features and
characteristics for standards-track one-way hash functions.  The BCP
documents will also identify information that must be included in any
request for a hash function to be approved on the standards track.

The DSA signature algorithm requires a hash function whose output is 160
bits.  The working group will consider at least two approaches to
strengthen one-way hash functions for use in DSA:

   1) Truncate a larger one-way hash function output so that it can be
      used as a secure replacement of a shorter one-way hash function

   2) Including a random value in the hash function computation. The
      random block used is transferred as a field in the algorithm
      identifier data structure.  This approach is sometimes called a
      "salted" or "randomized" hash function.

The working group may also consider other potential solutions, and one
or more standards-track mechanism will be selected.

The optional second phase will identify one or more standards-track
one-way hash functions that fulfill the requirements stated in the BCP
documents developed in the first phase.  Guidance will also be developed
to assist protocol developers in the selection among the standards-track
one-way hash functions.

Goals and Milestones:

August 2005:     Charter working group to authorize first phase.
September 2005:  Submit initial draft of truncation mechanism and/or
                    salting mechanism.
November 2005:   Submit initial drafts on hash requirements,
                    descriptions, and suitability.
February 2006:   WG Last Call on truncation mechanism and/or salting
March 2006:      Submit truncation mechanism and/or salting mechanism
                    for IETF standard.
August 2006:     Begin WG Last Calls on hash requirements, descriptions,
                    and suitability.
June 2007:       Submit hash requirements, descriptions, and suitability
                    documents for BCP.
June 2007:       Recharter working group to authorize second phase.

Hash mailing list