Re: [openpgp] Why or why not SHA{2, 3}-512 (was: SHA3 algorithm ids)

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 11 August 2015 21:22 UTC


On Tue, Aug 11, 2015 at 11:41 AM, Werner Koch <wk@gnupg.org> wrote:

> On Tue, 11 Aug 2015 16:16, phill@hallambaker.com said:
>
> > every option. If you are going to sign a 1Gb file then you are going to
> > need multiple trips through the digest function. Now there is of course a
>
> This is not an option for OpenPGP!  OpenPGP has been carefully designed
> to allow its use in a pipe ("online" in current parlance).  Any signing
> function which requires multiple passes over the signed data is useless.
> (I heard of encrypted(+signed) backups in the TiB range.)


That isn't what I was referring to, the signature mechanisms are using the
digests internally. So the 1Gb file will go through once. But the proof of
correctness for the signature algorithm itself requires internal digest
functions.