Re: [multipathtcp] Replacing SHA-1 with SHA-256
Greg Greenway <ggreenway@apple.com> Wed, 15 March 2017 21:31 UTC
Return-Path: <ggreenway@apple.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89874129C1B for <multipathtcp@ietfa.amsl.com>; Wed, 15 Mar 2017 14:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxJ8SdeR5TP3 for <multipathtcp@ietfa.amsl.com>; Wed, 15 Mar 2017 14:31:21 -0700 (PDT)
Received: from mail-in21.apple.com (mail-out21.apple.com [17.171.2.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2D0C129C25 for <multipathtcp@ietf.org>; Wed, 15 Mar 2017 14:31:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1489613479; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=VK/Ghw8jK1MSVEiryDgzAlysloQYFbqia2MMjfhuHFQ=; b=wqm7MQTGzQLnJl/sLeV9a8Z85NY8amgvRBTGS5ENrLVlMGO6hjaYoaPqpINDu5pq Rsr04e47or4derNoZjiV2aFYJ2N41c/PGawBFXsACh1QfbqMsP4zf+i0eDwqaMkX 7oz6CBPNoHuNpua7MNaP3cEbB+wN1iXlYywhWnrpWLfs/zhURHdd3wDYTkZsf30u XJdcjmZX71aXUDEgWgVKybQZn4y62yKVSum4S7x7FWWvgDYeNZBQ9fcR7HPkVXdC 46iqZ9e2oIB0Ac6KQMMBC6SAmFaTKmJiyfGWa//HCG6q7z/GLb1nQWDURsD2pYi8 Ohx6JtPJhbHf9GgWmkcqQA==;
Received: from relay2.apple.com (relay2.apple.com [17.128.113.67]) by mail-in21.apple.com (Apple Secure Mail Relay) with SMTP id A6.2F.16622.6A2B9C85; Wed, 15 Mar 2017 14:31:19 -0700 (PDT)
X-AuditID: 11ab0215-3e5889a0000040ee-05-58c9b2a65cec
Received: from kencur (kencur.apple.com [17.151.62.38]) by relay2.apple.com (Apple SCV relay) with SMTP id 8C.E7.25530.6A2B9C85; Wed, 15 Mar 2017 14:31:18 -0700 (PDT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_tn/4qd24tNPeu8w62rh/3A)"
Received: from [17.149.214.135] (unknown [17.149.214.135]) by kencur.apple.com (Oracle Communications Messaging Server 8.0.1.2.20170210 64bit (built Feb 10 2017)) with ESMTPSA id <0OMV00BCKL46GQ50@kencur.apple.com>; Wed, 15 Mar 2017 14:31:18 -0700 (PDT)
Sender: ggreenway@apple.com
From: Greg Greenway <ggreenway@apple.com>
Message-id: <ED4CCFD3-35DB-4EE5-B4C0-6F80D590580C@apple.com>
Date: Wed, 15 Mar 2017 14:31:17 -0700
In-reply-to: <5254457A-9922-4E02-8A60-18E712A3EE5D@gmail.com>
Cc: multipathtcp@ietf.org
To: Alan Ford <alan.ford@gmail.com>
References: <5254457A-9922-4E02-8A60-18E712A3EE5D@gmail.com>
X-Mailer: Apple Mail (2.3259)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrELMWRmVeSWpSXmKPExsUi2FDorLt808kIg10HWS1WnlvBbPF59XU2 ByaPnbPusnssWfKTKYApissmJTUnsyy1SN8ugStjy89rTAX9ShXb771gbmDcI9vFyMkhIWAi 8ffpSRYQW0hgH6PEzS+GMPFl098xQsRXMEp0LRAFsXkFBCV+TL4HVs8sECbx6fM91i5GLqCa ViaJLdv+MIMkhAWkJXq7n4M1swloSty5upIJotlGYvKJR6wQNRZA8QfsIDaLgKrElzkTwXo5 BWwljl/5wAixQFJixd9PQPUcHCICyhLLZ7FC3GMjce/4KzaIO2Ul3v5awgxyg4TAHjaJvlnL WScwCs1CcussJLfOAhrFLKAuMWVKLkRYW+LJuwusELaaxMLfi5iQxRcwsq1iFM5NzMzRzcwz MtRLLCjISdVLzs/dxAiKhNVMojsY578yPMQowMGoxMP7wv9khBBrYllxZe4hRmkOFiVx3ujF JyKEBNITS1KzU1MLUovii0pzUosPMTJxcEo1MPrzpBiXfPr4Okf/Qu/+/8tYcuV9L/wXmq5o fnD2iQ+34z+XFTRvXhSz7uD9V1fcdn6dKW6u7D3hVQtzgqzdchVH7RPH3rb2TFpwcZ4su8Ke M61b99h+ca9NOulZKmDzYcYiP5XPd04Um9qcEWbPiYuz0TGWueJ5umk64zSXgi1OeQw7L4kt ZFdiKc5INNRiLipOBAC6hQU6ZQIAAA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrDIsWRmVeSWpSXmKPExsUiON1OTXfZppMRBrOP6VisPLeC2eLz6uts DkweO2fdZfdYsuQnUwBTFJdNSmpOZllqkb5dAlfGlp/XmAr6lSq233vB3MC4R7aLkZNDQsBE Ytn0d4wgtpDACkaJrgWiIDavgKDEj8n3WEBsZoEwiU+f77F2MXIB1bQySWzZ9ocZJCEsIC3R 2/0crJlNQFPiztWVTBDNNhKTTzxihaixAIo/YAexWQRUJb7MmQjWyylgK3H8ygdGiAWSEiv+ fgKq5+AQEVCWWD6LFeIeG4l7x1+xQdwpK/H21xLmCYz8s5CcNwvJebOAupkF1CWmTMmFCGtL PHl3gRXCVpNY+HsRE7L4Aka2VYwCRak5iZVGeokFBTmpesn5uZsYQYHbUOi8g/HYMqtDjAIc jEo8vBN8T0YIsSaWFVfmHmKU4GBWEuHNXwUU4k1JrKxKLcqPLyrNSS0+xDiREejHicxSosn5 wLjKK4k3NDExMDE2NjM2Njcxp6WwkjjvLy2giwTSE0tSs1NTC1KLYI5i4uCUamBs+HtW64Wy +rrV74R/hzAcS5qyU+sTp8upCtcVO0vmyb3tenr+OLufR6T3d1P7yqM/Gm5vX/ju7tmcmV0l +e23AqdIrZXcN+Xk5d47t/bMrrrYffbTZDk/xQmXA3pUbW5uDo2ZM2tHTuPU+MrnFfqbFlau aOdgNN6mbr/3ZNWLTY+OTFXdLCp3TImlOCPRUIu5qDgRACkT5aPPAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/9pMkvWFfepWTmIG1ZEbRTpDYMJg>
Subject: Re: [multipathtcp] Replacing SHA-1 with SHA-256
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2017 21:31:22 -0000
Would this change also set a different bit in the MP_CAPABLE option for crypto algorithm negotiation (eg set bit G for SHA-256, instead of the current bit H for SHA-1)? Thanks, Greg > On Mar 13, 2017, at 1:44 PM, Alan Ford <alan.ford@gmail.com> wrote: > > Hi all, > > It’s been flagged up off-list that given SHA-1 is being deprecated, we should probably look to replace it with SHA-256 in 6824bis. Even though we use truncations of these hashes, the benefits gained from SHA-256 are maybe not significant, but does mean that legacy SHA-1 code would not be required by implementors. > > Does anyone have any concerns about such a change? We do not believe it would be significant and could be a direct drop-in in the places where SHA-1 is referenced and used today. > > Regards, > Alan > > > > _______________________________________________ > multipathtcp mailing list > multipathtcp@ietf.org > https://www.ietf.org/mailman/listinfo/multipathtcp
- [multipathtcp] Replacing SHA-1 with SHA-256 Alan Ford
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Greg Greenway
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Olivier Bonaventure
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Greg Greenway
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Yoshifumi Nishida
- Re: [multipathtcp] Replacing SHA-1 with SHA-256 Alan Ford