Re: [keyassure] Opening issue #21: "Need to specify which crypto

Phillip Hallam-Baker <hallam@gmail.com> Wed, 02 March 2011 23:23 UTC

There is currently no evidence that SHA2-256 is unacceptably weak.

However it is based on the same construction as MD4, MD5 and SHA1. And
thus the reason for the current NIST competition.


Since the NIST competition is not currently complete, there is
currently no viable alternative to SHA2. While there are other
algorithms in use, I would expect the competition to supersede those
as well.

I think that what we should do here is

1) Make support for SHA2-256 and SHA2-384 REQUIRED
2) Ensure that it is feasible to transition from use of SHA2 to a new algorithm
3) Deprecate use of MD2, MD4, MD5 and SHA1.


The second point is really rather important since even though it is
possible to emit bit strings that use SHA2 in protocols such as SSL
and S/MIME, it is not feasible to use them in practice because there
is no way to know whether the other party is one of those which is
capable of using them.

On Tue, Mar 1, 2011 at 5:38 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> On 3/1/11 1:37 PM, Phillip Hallam-Baker wrote:
>>
>> This particular topic is one on which the Security ADs and the IETF
>> chair have very, very specific opinions. And given their role in
>> trying to effect an industry wide transition to stronger algorithms, I
>> think that they are quite right to insist on them.
>
> If you can quote previous statements from any of them suggesting that
> SHA-256 is suspect, that would be more useful than you simply suggesting
> that they had said something. It would be useful to this discussion for each
> of us to speak only for ourselves and for those who have asked us to speak
> for them, or to quote others whom we think are authorities.

-- 
Website: http://hallambaker.com/
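
The three points in the message above, written out as a verifier policy in an added Python example that is not part of the original message or of any keyassure draft: each published digest carries an algorithm label, so a verifier can skip labels it does not know and refuse deprecated ones, which is what makes the transition in point 2 workable. The `Verifier` and `publish` names, the record layout, and the use of `sha3_256` as a stand-in for a future algorithm are assumptions.

```python
import hashlib
import hmac

# Policy taken from the three points in the message above.
REQUIRED = ("sha256", "sha384")              # point 1: every verifier supports these
DEPRECATED = {"md2", "md4", "md5", "sha1"}   # point 3: never accepted

class Verifier:
    def __init__(self, extra=()):
        # Preference order, least preferred first; `extra` models algorithms
        # added after deployment (point 2).
        self.preference = list(REQUIRED) + list(extra)

    def select(self, records):
        """Return the most preferred (algorithm, digest) this verifier can use."""
        usable = [(alg, digest) for alg, digest in records
                  if alg in self.preference and alg not in DEPRECATED]
        if not usable:
            # Only unknown or deprecated labels were offered: fail closed.
            raise ValueError("no acceptable digest algorithm offered")
        return max(usable, key=lambda r: self.preference.index(r[0]))

    def verify(self, data, records):
        """Check `data` against the selected record; return the algorithm used."""
        alg, expected = self.select(records)
        actual = hashlib.new(alg, data).hexdigest()
        if not hmac.compare_digest(actual, expected):
            raise ValueError("digest mismatch under " + alg)
        return alg

def publish(data, algorithms):
    """Build the labelled digest list a publisher would emit for `data`."""
    return [(alg, hashlib.new(alg, data).hexdigest()) for alg in algorithms]

# Constructed sample input, not real certificate data.
SAMPLE = b"constructed sample certificate bytes"
```

A publisher in transition emits the old and new labels side by side; a verifier that predates the new algorithm keeps working on `sha256`, while an upgraded one moves to the new label without any flag day.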