Re: [keyassure] Opening issue #21: "Need to specify which crypto
Phillip Hallam-Baker <hallam@gmail.com> Tue, 08 March 2011 20:45 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8F7B3A635F for <keyassure@core3.amsl.com>; Tue, 8 Mar 2011 12:45:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.564
X-Spam-Level:
X-Spam-Status: No, score=-3.564 tagged_above=-999 required=5 tests=[AWL=0.034, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99M9KAdJ1wwQ for <keyassure@core3.amsl.com>; Tue, 8 Mar 2011 12:45:52 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id EE4653A6359 for <keyassure@ietf.org>; Tue, 8 Mar 2011 12:45:51 -0800 (PST)
Received: by bwz13 with SMTP id 13so182137bwz.31 for <keyassure@ietf.org>; Tue, 08 Mar 2011 12:47:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=bKzwR/bVGxynoHA8ML0B/wqDqyhWKjmuabddzGXw9po=; b=rmAWum8hpGeY8mVloTTh7O3uwaZ5qL1Ld1JufdUuZwfmAJ7erubRw8mQXggA61huN4 rCKf2LcoA+Gt8E8HpjgP1BX0L8BAfVJwwFrLT+hwMUUfdcbclUKazAHITQ0RfSN5Ca+K K2bIdXZB8FJhNtLtttC1hKB8uipqIyyI7BysY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=dCkFFs/ZWXPkfXF0SffUOhC7+PB1RIRwGRFj/x3X5Ezg4vl+7LqNDsvltNOcSlD8o5 4fEP0TxffN+B4CMWfMTCMXc5ib4HiTsR9mxB+ZSC+HdDiDLFOI8wcCC8VBB1qkq9HCdK EDIlolz6voI3ODkRQloT/+osQvxjQPldY88Fk=
MIME-Version: 1.0
Received: by 10.204.59.140 with SMTP id l12mr4694449bkh.168.1299617226410; Tue, 08 Mar 2011 12:47:06 -0800 (PST)
Received: by 10.204.14.139 with HTTP; Tue, 8 Mar 2011 12:47:06 -0800 (PST)
In-Reply-To: <20110308180516.GC23708@vacation.karoshi.com.>
References: <B99194C1-6A2F-4378-835D-4E1096FB095A@icsi.berkeley.edu> <201103081657.p28GvYwq001089@fs4113.wdf.sap.corp> <20110308180516.GC23708@vacation.karoshi.com.>
Date: Tue, 08 Mar 2011 15:47:06 -0500
Message-ID: <AANLkTikUGM2T6n+M8DGpKvnq7Yf9e993hdtJfvwcjAzC@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: bmanning@vacation.karoshi.com
Content-Type: multipart/alternative; boundary="001636ed6d011fd7ff049dfeb7af"
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2011 20:45:53 -0000
Quite possibly, but most people know not to wait for IETF process before deployment. I don't like the idea of SHA2-512/256 because the new IV is going to require people to use a different code library to get support and that may be tricky. Given that SHA2-512 is fastest on 64 bit machines and given that these are now the mainstream, would it not make sense to simply go to SHA2-384 or SHA2-512 as the only mandatory for the time being with the expectation of adding in some flavor of SHA3 when that is possible? I think we need to break this down in matrix fashion 1) Attack A compromise that could lead an attacker to break DANE. 2) Reputation A compromise that falls short of enabling an actual attack against DANE but will lead to concerns amongst users and pressure for a new algorithm. (c.f. demands to change HMAC-MD5 despite no evidence this is necessary). 3) Support Is the algorithm supported in standard cryptographic toolkits, is widespread support to be expected in the future. 4) Performance Not really a factor for this application but will determine whether it is used for other purposes. 5) Industry Is the algorithm THE industry standard or merely A standard. SHA-1: Good for 20 years on attack but unknown as far as reputation. Is the main target of cryptanalysis at the moment. Support is universal. SHA2-256: Good for 30+ years on attack and at least 10 for reputation. Support is near universal. SHA2-386: Good for 40+ years on attack and probably 30+ for reputation. Support is near universal SHA2-512: Good for 50+ years on attack but likely 20+ on reputation due to the fact that if 512 bits is specified in a protocol it is difficult to explain why less than 512 bits are necessary. SHA3-*: Will be THE standard in some strength as far as we can predict. While it is possible something else will beat SHA3, I can't see that happening and people being happy with SHA2. So my recommendation would be 1) Do not define any code point for SHA1. 2) Define code point for SHA2-384 3) Expect to support SHA3 in the future via some mechanism. Add it to the draft if the competition schedule makes this practical. As a general rule I would prefer to only define IANA code points for algorithms that the IETF REQUIRES. I would support all other crypto by reserving one code point for specifying algorithms by means of ASN.1 OID prefix. The reason for doing that is that it means that the group does not need to consider the inevitable requests to support other algorithms or deal with the damage caused when a refusal is ignored. We cannot stop the Russian federation from using GOST but we can stop them getting a reserved code point. On Tue, Mar 8, 2011 at 1:05 PM, <bmanning@vacation.karoshi.com> wrote: > On Tue, Mar 08, 2011 at 05:57:34PM +0100, Martin Rex wrote: > > > > It fosters on the premise that SHA-1 is completely and throroughly > > broken and SHA-256 impaired by more serious attacks than currently > > known for SHA-1 _long_ before a SHA-3 finalist is selected. > > > > > > -Martin > > my working analog here is that you don't shoot at a moving > target - you shoot ahead of it. > > given the pace of the IETF processes, I fully expect there will > be a SHA-3 finalist selected before this spec lands. (YMMV of > course) > > --bill > _______________________________________________ > keyassure mailing list > keyassure@ietf.org > https://www.ietf.org/mailman/listinfo/keyassure > -- Website: http://hallambaker.com/
- [keyassure] Opening issue #21: "Need to specify w… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Scott Schmit
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Sean Turner
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- [keyassure] crypto hash alg deprecation is a myth Martin Rex
- Re: [keyassure] crypto hash alg deprecation is a … Rob Stradling
- Re: [keyassure] crypto hash alg deprecation is a … Phillip Hallam-Baker
- Re: [keyassure] crypto hash alg deprecation is a … Andrew Sullivan
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] crypto hash alg deprecation is a … Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Andrew Sullivan
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Andrew Sullivan
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Murray S. Kucherawy
- Re: [keyassure] Opening issue #21: "Need to speci… Murray S. Kucherawy
- Re: [keyassure] Opening issue #21: "Need to speci… Ben Laurie
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… George Barwood
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… Brian Smith
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Ben Laurie
- Re: [keyassure] Opening issue #21: "Need to speci… Rob Stradling
- Re: [keyassure] Opening issue #21: "Need to speci… George Barwood
- Re: [keyassure] Opening issue #21: "Need to speci… Sean Turner
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Tony Hansen