Re: [keyassure] Opening issue #21: "Need to specify which crypto

"Murray S. Kucherawy" <msk@cloudmark.com> Fri, 04 March 2011 16:47 UTC

From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "keyassure@ietf.org" <keyassure@ietf.org>
Date: Fri, 04 Mar 2011 08:48:07 -0800

> -----Original Message-----
> From: keyassure-bounces@ietf.org [mailto:keyassure-bounces@ietf.org] On Behalf Of Peter Gutmann
> Sent: Friday, March 04, 2011 6:13 AM
> To: hallam@gmail.com; mrex@sap.com
> Cc: keyassure@ietf.org
> Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
> 
> >If SHA3 is ready in time (i.e. we are still not ready in 2012) we could
> >consider making SHA3-256 the required algorithm. If not make SHA2-256 and
> >SHA2-512 the required algorithms.
> 
> Sounds good, although I'd make 256 a MUST and 512 a MAY, both to keep the
> every-bit-is-sacred crowd happy and because in practice there's going to be a
> de facto universal default that everyone uses, and my guess is it'll be -256,
> in the same way that currently the universal default that everyone uses is
> SHA1, no matter what other algorithms the spec allows.

If the experience with DKIM (which did MUST for SHA1 and SHOULD for SHA256) is any indication, your guess is right on the money.