Re: [keyassure] Opening issue #21: "Need to specify which crypto

Tony Hansen <tony@att.com> Fri, 11 March 2011 21:17 UTC

Return-Path: <tony@att.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 19AC23A690A for <keyassure@core3.amsl.com>; Fri, 11 Mar 2011 13:17:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.681
X-Spam-Level:
X-Spam-Status: No, score=-106.681 tagged_above=-999 required=5 tests=[AWL=-0.082, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OiD+vwWpoCio for <keyassure@core3.amsl.com>; Fri, 11 Mar 2011 13:17:16 -0800 (PST)
Received: from mail120.messagelabs.com (mail120.messagelabs.com [216.82.250.83]) by core3.amsl.com (Postfix) with ESMTP id 45A6B3A693C for <keyassure@ietf.org>; Fri, 11 Mar 2011 13:17:14 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: tony@att.com
X-Msg-Ref: server-4.tower-120.messagelabs.com!1299878313!7494049!1
X-StarScan-Version: 6.2.9; banners=-,-,-
X-Originating-IP: [144.160.20.145]
Received: (qmail 2486 invoked from network); 11 Mar 2011 21:18:33 -0000
Received: from sbcsmtp6.sbc.com (HELO mlpd192.enaf.sfdc.sbc.com) (144.160.20.145) by server-4.tower-120.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 11 Mar 2011 21:18:33 -0000
Received: from enaf.sfdc.sbc.com (localhost.localdomain [127.0.0.1]) by mlpd192.enaf.sfdc.sbc.com (8.14.4/8.14.4) with ESMTP id p2BLIuFu011355 for <keyassure@ietf.org>; Fri, 11 Mar 2011 16:18:56 -0500
Received: from alpd052.aldc.att.com (alpd052.aldc.att.com [130.8.42.31]) by mlpd192.enaf.sfdc.sbc.com (8.14.4/8.14.4) with ESMTP id p2BLItoC011329 for <keyassure@ietf.org>; Fri, 11 Mar 2011 16:18:55 -0500
Received: from aldc.att.com (localhost.localdomain [127.0.0.1]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id p2BLIVLg009023 for <keyassure@ietf.org>; Fri, 11 Mar 2011 16:18:31 -0500
Received: from mailgw1.maillennium.att.com (dns.maillennium.att.com [135.25.114.99]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id p2BLIPtB008017 for <keyassure@ietf.org>; Fri, 11 Mar 2011 16:18:25 -0500
Received: from [135.91.110.95] (dn135-91-110-95.dhcpn.ugn.att.com[135.91.110.95]) by maillennium.att.com (mailgw1) with ESMTP id <20110311211825gw100e4l03e> (Authid: tony); Fri, 11 Mar 2011 21:18:25 +0000
X-Originating-IP: [135.91.110.95]
Message-ID: <4D7A91A0.4060902@att.com>
Date: Fri, 11 Mar 2011 16:18:24 -0500
From: Tony Hansen <tony@att.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: keyassure@ietf.org
References: <397794924.536913.1299565388720.JavaMail.root@cm-mail03.mozilla.org> <E971C167-FE76-497D-A156-16EF687B522A@kirei.se> <4D765239.40408@ieca.com> <B99194C1-6A2F-4378-835D-4E1096FB095A@icsi.berkeley.edu> <4D7658AA.9010003@vpnc.org>
In-Reply-To: <4D7658AA.9010003@vpnc.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2011 21:17:17 -0000

On 3/8/2011 11:26 AM, Paul Hoffman wrote:
> On 3/8/11 8:10 AM, Nicholas Weaver wrote:
>> (Not that I'm saying it should impede this group, I'm happing with 
>> the language above or similar, I just want to know why people want to 
>> use SHA-384 instead of SHA-512!)
>
> There is some reason to believe that the final SHA-3 spec will have a 
> 384-bit hash that will be faster to calculate than the 512-bit version, 

Given what NIST is doing with FIPS-180-4-draft and defining SHA-512/t, 
I'd be surprised if that were true. But it will be interesting to see 
what comes out of SHA3.

> and it will be hard to convince people who were using SHA-2-512 that 
> going to SHA-3-384 is a good move. They'll claim that it is less safe 
> because they didn't realize that they didn't even need the strength in 
> SHA-2-256 to start with.
>
> It's all headology, unfortunately.

     Tony Hansen
     tony@att.com