Re: Standardize RSA/SHA256 ?
Simon Josefsson <jas@extundo.com> Fri, 12 May 2006 09:54 UTC
From: Simon Josefsson <jas@extundo.com>
Subject: Re: Standardize RSA/SHA256 ?
Date: Fri, 12 May 2006 11:54:56 +0200
Lines: 45
References: <6.2.5.6.2.20060508094001.03182b80@ogud.com> <Pine.LNX.4.44.0605091629550.31070-100000@citation2.av8.net> <87vesecle7.fsf@latte.josefsson.org> <44644DBB.3080605@NLnetLabs.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Cc: namedroppers@ops.ietf.org
X-From: owner-namedroppers@ops.ietf.org Fri May 12 12:01:35 2006
Return-path: <owner-namedroppers@ops.ietf.org>
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO autolearn=ham version=3.1.1
To: Jelte Jansen <jelte@NLnetLabs.nl>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:060512:jelte@nlnetlabs.nl::QNiohHBTV4FDGlxb:7Mmc
X-Hashcash: 1:22:060512:namedroppers@ops.ietf.org::vuIN/3JhCGksX6A4:vdTG
In-Reply-To: <44644DBB.3080605@NLnetLabs.nl> (Jelte Jansen's message of "Fri, 12 May 2006 10:56:27 +0200")
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
X-Message-ID:
Message-ID: <20140418072200.2560.26245.ARCHIVE@ietfa.amsl.com>
Jelte Jansen <jelte@NLnetLabs.nl> writes: >> >>> For the above reasons, I think that we have time to consider the >>> correct course of action. There is no need to rush into more >>> algorithms which require more code on nameservers and resolvers. >> >> Yes, or at least, we need to document a more compelling reason to do >> RSA-SHA-265. >> > > So why is this an issue for RSA/SHA256, and not for > draft-ietf-dnsext-ds-sha256-05.txt, which also makes SHA256 mandatory? I suppose it applies to both. Changing the RSA signature algorithm also begs the question: Do we want to move to RSA-PSS? See PKCS#1 2.1 in RFC 3447. I believe RFC 3447, and RSA Labs has encouraged a gradual shift from RSA-PKCS#1 1.5 to RSA-PSS for a few years now: http://www.rsasecurity.com/rsalabs/node.asp?id=2005 One advantage with RSA-PSS is that it is easier to analyse theoretically, and there are security proofs for it. One disadvantage is that RSA-PSS requires entropy during signing. > btw, both drafts don't deprecate SHA-1 but do assume that SHA256 is > stronger and contain text about downgrade attacks based on this assumption. Ólafur wrote: Q3: My personal opinion not speaking as a chair: If RSA/SHA256 is specified then RSA/SHA1 should be tagged as "Not recommended". /Simon -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- RE: Standardize RSA/SHA256 ? Hallam-Baker, Phillip
- Re: Standardize RSA/SHA256 ? Wes Hardaker
- Re: Standardize RSA/SHA256 ? Ólafur Guðmundsson /DNSEXT co-chair
- Standardize RSA/SHA256 ? Ólafur Guðmundsson /DNSEXT co-chair
- Re: Standardize RSA/SHA256 ? Russ Mundy
- Re: Standardize RSA/SHA256 ? Francis Dupont
- Re: Standardize RSA/SHA256 ? Rob Austein
- Re: Standardize RSA/SHA256 ? Mike StJohns
- RE: Standardize RSA/SHA256 ? Hallam-Baker, Phillip
- Re: Standardize RSA/SHA256 ? Hilarie Orman
- Re: Standardize RSA/SHA256 ? Simon Josefsson
- Re: Standardize RSA/SHA256 ? Dean Anderson
- Re: Standardize RSA/SHA256 ? Simon Josefsson
- Re: Standardize RSA/SHA256 ? Ben Laurie
- Re: Standardize RSA/SHA256 ? Simon Josefsson
- RE: Standardize RSA/SHA256 ? Loomis, Rip
- RE: Standardize RSA/SHA256 ? Hallam-Baker, Phillip
- Re: Standardize RSA/SHA256 ? Jelte Jansen
- Re: Standardize RSA/SHA256 ? Simon Josefsson
- Re: Standardize RSA/SHA256 ? Ólafur Guðmundsson /DNSEXT co-chair
- Re: Standardize RSA/SHA256 ? Ben Laurie
- Re: Standardize RSA/SHA256 ? Mike StJohns
- Re: Standardize RSA/SHA256 ? Mark Feldman
- Re: Standardize RSA/SHA256 ? Chris Thompson
- Re: Standardize RSA/SHA256 ? Hallam-Baker, Phillip
- Re: Standardize RSA/SHA256 ? Ben Laurie
- Re: Standardize RSA/SHA256 ? Ben Laurie
- RE: Standardize RSA/SHA256 ? Hallam-Baker, Phillip
- Re: Standardize RSA/SHA256 ? Ólafur Guðmundsson /DNSEXT co-chair