Re: [keyassure] Opening issue #21: "Need to specify which crypto

Sean Turner <turners@ieca.com> Tue, 08 March 2011 15:57 UTC

Message-ID: <4D765239.40408@ieca.com>
Date: Tue, 08 Mar 2011 10:58:49 -0500
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Lightning/1.0b2 Thunderbird/3.1.9
MIME-Version: 1.0
To: keyassure@ietf.org
References: <397794924.536913.1299565388720.JavaMail.root@cm-mail03.mozilla.org> <E971C167-FE76-497D-A156-16EF687B522A@kirei.se>
In-Reply-To: <E971C167-FE76-497D-A156-16EF687B522A@kirei.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
Precedence: list

On 3/8/11 2:20 AM, Jakob Schlyter wrote:
> On 8 mar 2011, at 07.23, Brian Smith wrote:
>
>> It would be better to have both SHA-384 mandatory for clients. Those two algorithms are already practically required because they are both required for a good implementation of TLS 1.2. Making SHA-384 mandatory for clients makes it easier for server administrators to switch from SHA-256 to SHA-384 if that would ever be helpful; that could be a real possibility considering the deployment of SHA-3 on clients is a long way off.
>
> +1 - having two algorithms (although from the same family) from the start is better than just one. And we add SHA-3 and friends later - no need to "reserve" code points for them at this point.

I think I'm in this camp.  It's hard to use 2119-language for something 
that nobody can claim conformance to.  Somebody is still going to need 
to write a draft that says here's the SHA-3 alg, here's it's reference 
and we're updating the registry regardless so I think the draft could 
just as well do this:

    Value        Short description       Ref.
    -----------------------------------------------------
    0            No hash used            [This]
    1            SHA-1                   NIST FIPS 180-3
    2            SHA-256                 NIST FIPS 180-3
    3            SHA-384                 NIST FIPS 180-3
    4-254        Unassigned

    Applications to the registry can request specific values that have
    yet to be assigned. Note that there is every intent to update this
    registry when [SHA-3] is finalized.  Implementors are strongly
    encouraged to support a flexible implementation strategy in order
    to support an orderly migration to [SHA-3] shortly after this
    registry is updated.

or something like that.

I can already envision the GEN-Art comment/IESG discuss on needing a 
stable reference for SHA-3 if it's a normative reference.  If there's no 
requirements associated with it you'll probably get away with an 
informative reference to [SHA-3]:

[SHA-3] "Cryptographic Hash Algorithm Competition", NIST Computer
         Security Resource Center Cryptographic Hash Project.

There is precedent to using this reference but it was in a draft with an 
intended status of informational and it was an informational reference.

spt

[keyassure] Opening issue #21: "Need to specify w… Warren Kumari
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Scott Schmit
Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
Re: [keyassure] Opening issue #21: "Need to speci… Sean Turner
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
[keyassure] crypto hash alg deprecation is a myth Martin Rex
Re: [keyassure] crypto hash alg deprecation is a … Rob Stradling
Re: [keyassure] crypto hash alg deprecation is a … Phillip Hallam-Baker
Re: [keyassure] crypto hash alg deprecation is a … Andrew Sullivan
Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] crypto hash alg deprecation is a … Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… Andrew Sullivan
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Andrew Sullivan
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… bmanning
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Murray S. Kucherawy
Re: [keyassure] Opening issue #21: "Need to speci… Murray S. Kucherawy
Re: [keyassure] Opening issue #21: "Need to speci… Ben Laurie
Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… George Barwood
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… bmanning
Re: [keyassure] Opening issue #21: "Need to speci… Brian Smith
Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
Re: [keyassure] Opening issue #21: "Need to speci… Ben Laurie
Re: [keyassure] Opening issue #21: "Need to speci… Rob Stradling
Re: [keyassure] Opening issue #21: "Need to speci… George Barwood
Re: [keyassure] Opening issue #21: "Need to speci… Sean Turner
Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
Re: [keyassure] Opening issue #21: "Need to speci… bmanning
Re: [keyassure] Opening issue #21: "Need to speci… bmanning
Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
Re: [keyassure] Opening issue #21: "Need to speci… Tony Hansen