Re: [keyassure] Opening issue #21: "Need to specify which crypto

Phillip Hallam-Baker <hallam@gmail.com> Tue, 01 March 2011 21:36 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6949C3A6AB8 for <keyassure@core3.amsl.com>; Tue, 1 Mar 2011 13:36:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.569
X-Spam-Level:
X-Spam-Status: No, score=-3.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FHhK3WFDYQTZ for <keyassure@core3.amsl.com>; Tue, 1 Mar 2011 13:36:25 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id E8A483A6AB3 for <keyassure@ietf.org>; Tue, 1 Mar 2011 13:36:24 -0800 (PST)
Received: by bwz13 with SMTP id 13so5785401bwz.31 for <keyassure@ietf.org>; Tue, 01 Mar 2011 13:37:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=6kGE+dqLkw1qm5dtXJvTt+l6A1yoU7BUrcgGFgBSyxY=; b=JJPohz0rE0RH8I7pWl+hJUf3X5PgYL11MymmjNEeJ9JJM9gLLDqQvvdJvHhRm7cM+r icMQBCw89LLec60uOPouQs6T4mTrY6wrkuGbX7I2UeMYDQaOOz0k3mM0O1StaI8x6/AS A4PIHQFDibea8ZTayl56YL5HTzczplMt9o8dA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=OQLJGuM3xczuay89Nu2oS/rcvGP849Xlu+2YDms8SBMuVpllQDzdW4J5WLjXmcy3m/ f4gyo5PMHuBofEKu/gIbK6VjecwFu8klxYmGVXWzxLz8W37arJJtCxsUxzWAie3NDfef TjBYg7sagCDMOs3ZodEJPdSWw1OsOW6nh4n5U=
MIME-Version: 1.0
Received: by 10.204.14.202 with SMTP id h10mr6392860bka.182.1299015447536; Tue, 01 Mar 2011 13:37:27 -0800 (PST)
Received: by 10.204.14.139 with HTTP; Tue, 1 Mar 2011 13:37:27 -0800 (PST)
In-Reply-To: <201103011815.p21IFukr020670@fs4113.wdf.sap.corp>
References: <AANLkTimGsc38B+2R03CiW2TzKoiHvj_7NLs0gD=340Tw@mail.gmail.com> <201103011815.p21IFukr020670@fs4113.wdf.sap.corp>
Date: Tue, 1 Mar 2011 16:37:27 -0500
Message-ID: <AANLkTinE1QqjqY5g+nQtq3hKD7z5spkuFqsT=9tmB+WR@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: mrex@sap.com
Content-Type: text/plain; charset=ISO-8859-1
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2011 21:36:26 -0000

Plenty is not the point.

SHA1 is no longer regarded as acceptably secure. SHA2 is based on the
same construction and is thus similarly suspect.

We don't use SHA1 in legacy browsers because we like it. We use SHA1
in legacy browsers because we have not worked out how to transition
away from it. The transition from MD5 to SHA1 was painless only
because all browsers were required to support both standards.



This particular topic is one on which the Security ADs and the IETF
chair have very very specific opinions on. And given their role in
trying to effect an industry wide transition to stronger algorithms, I
think that they are quite right to insist on them.


On Tue, Mar 1, 2011 at 1:15 PM, Martin Rex <mrex@sap.com> wrote:
> Phillip Hallam-Baker wrote:
>>
>> Currently, the only digest algorithm that can be recommended is SHA-2
>>
>> We really do need SHA2 in here as a MUST, unless we are still discussing
>> this when the SHA3 competition results are out.
>
> SHA-256 looks like plenty.
>
> You do realize, that many (if not most) implementations of TLS are going
> to use SHA-1 for digital signatures for quite some time to come?
>
> And even document like the updated TLS extensions document (rfc6066)
> use SHA-1 all over the place.
>
> -Martin
>



-- 
Website: http://hallambaker.com/