Re: [keyassure] Opening issue #21: "Need to specify which crypto
Sean Turner <turners@ieca.com> Thu, 03 March 2011 00:49 UTC
Date: Wed, 02 Mar 2011 19:50:31 -0500
From: Sean Turner <turners@ieca.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: keyassure@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto

On 3/2/11 6:43 PM, Warren Kumari wrote:
>
> On Mar 2, 2011, at 6:24 PM, Phillip Hallam-Baker wrote:
>
>> There is currently no evidence that SHA2-256 is unacceptably weak.
>>
>> However it is based on the same construction as MD4, MD5 and SHA1. And
>> thus the reason for the current NIST competition.
>>
>>
>> Since the NIST competition is not currently complete, there is
>> currently no viable alternative to SHA2. While there are other
>> algorithms in use, I would expect the competition to supersede those
>> as well.
>>
>> I think that what we should do here is
>>
>> 1) Make support for SHA2-256 and SHA2-384 REQUIRED
>> 2) Ensure that it is feasible to transition from use of SHA2 to a new
>> algorithm
>
> <no hats>
> Shouldn't this be much much more general? "Ensure that it is feasible to
> transition to new algorithms"? <note: I don't know how we do this, but I
> also don't see why "from SHA2" would be a special case>
>
>> 3) Deprecate use of MD2,MD4,MD5 and SHA1.
>>
>
> Um, I'm confused by number 3 -- I think that the only things we need to
> do *here* is decide what we *do* support....
> Deprecating the use of other things, while fine and good, doesn't need
> to happen *here* if we don't support them...
>
> W
> </no hats>

#3 is kind of taken care of. MD2 and MD4 are being made historic:

http://datatracker.ietf.org/doc/draft-turner-md2-to-historic/
http://datatracker.ietf.org/doc/draft-turner-md4-to-historic/

and the security considerations for MD5 were updated:

http://datatracker.ietf.org/doc/draft-turner-md5-seccon-update/

spt

>>
>> The second point is really rather important since even though it is
>> possible to emit bit strings that use SHA2 in protocols such as SSL
>> and S/MIME, it is not feasible to use them in practice because there
>> is no way to know whether the other party is one of those which is
>> capable of using them.
>>
>> On Tue, Mar 1, 2011 at 5:38 PM, Paul Hoffman <paul.hoffman@vpnc.org>
>> wrote:
>>> On 3/1/11 1:37 PM, Phillip Hallam-Baker wrote:
>>>>
>>>> This particular topic is one on which the Security ADs and the IETF
>>>> chair have very very specific opinions on. And given their role in
>>>> trying to effect an industry wide transition to stronger algorithms, I
>>>> think that they are quite right to insist on them.
>>>
>>> If you can quote previous statements from any of them suggesting that
>>> SHA-256 is suspect, that would be more useful than you simply suggesting
>>> that they had said something. It would be useful to this discussion for each
>>> of us to speak only for ourselves and for those who have asked us to speak
>>> for them, or to quote others whom we think are authorities.
>>> _______________________________________________
>>> keyassure mailing list
>>> keyassure@ietf.org
>>> https://www.ietf.org/mailman/listinfo/keyassure
>>>
>>
>>
>>
>> --
>> Website: http://hallambaker.com/
>> _______________________________________________
>> keyassure mailing list
>> keyassure@ietf.org
>> https://www.ietf.org/mailman/listinfo/keyassure
>>
>
> --
> We know about as much about software quality problems as they knew about
> the Black Plague in the 1600s. We've seen the victims' agonies and
> helped burn the corpses. We don't know what causes it; we don't really
> know if there is only one disease. We just suffer -- and keep pouring
> our sewage into our water supply.
>
> -- Tom Van Vleck
>
>
>
>
> _______________________________________________
> keyassure mailing list
> keyassure@ietf.org
> https://www.ietf.org/mailman/listinfo/keyassure
>