Re: [Sam Hartman] Openpgp comments
Werner Koch <wk@gnupg.org> Wed, 20 September 2006 13:25 UTC
From: Werner Koch <wk@gnupg.org>
To: Anton Stiglic <astiglic@okiok.com>
Cc: "'Daniel A. Nagy'" <nagydani@epointsystem.org>, 'OpenPGP' <ietf-openpgp@imc.org>
Subject: Re: [Sam Hartman] Openpgp comments
References: <20060920115146.9E8981683A9@mail.okiok.com>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 20 Sep 2006 14:46:29 +0200
In-Reply-To: <20060920115146.9E8981683A9@mail.okiok.com> (Anton Stiglic's message of "Wed, 20 Sep 2006 07:40:35 -0400")
Message-ID: <874pv24sey.fsf@wheatstone.g10code.de>
On Wed, 20 Sep 2006 13:40, Anton Stiglic said:

> NIST is planning to phase out SHA-1 by 2010, they are going with SHA-224,
> SHA-256, SHA-384 and SHA-512.
> http://csrc.nist.gov/hash_standards_comments.pdf
>
> In Canada, CSE will phase out SHA-1 for protected C information by 2008.

A note to describe why we use SHA-1 with the MDC would really be appropriate. We are not using it for authentication but to detect manipulation of data. This is commonly known as a checksum. Thus, the acronym MDC and not MAC. To me detection and authentication have different semantics.

It has been said a few times: The MDC is not what we need to care about when thinking of SHA-1 vulnerabilities. There are other usages of SHA-1 we need to rethink.

Over the last 8 years since rfc2440 we have talked several times about things we want to address in the future. There is actually a long list. We can't keep important OpenPGP features - which address actual vulnerabilities - any longer in an I-D state just for the sake of getting rid of SHA-1 now. We need time to address all these items properly and not do some ad-hoc solutions. In the meantime 2440bis needs to get out. Whether with or without an MDCv2 political option, I don't care.

> I don't know what is going on in Europe and the rest of the world, but I
> would be surprised if they were going with SHA-1 in the long term.
> You cannot ignore these decisions if you want openpgp to be successful.

I have not heard about any plans to switch to SHA-2. At least Germany is still using RIPEMD-160 out of fear that SHA-1 has been developed in the U.S. I don't think that this algorithm is any better than SHA-1 but some people decided in the past to use a European algorithm (another layer 9 issue).

Salam-Shalom,

Werner
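The difference between a modification detection code and a MAC that the message above relies on, as an added example that is not part of the original post or of any OpenPGP implementation. It follows the MDC layout of the OpenPGP specification (SHA-1 over prefix, plaintext and the bytes 0xD3 0x14) and contrasts it with HMAC-SHA-1; the function names, sample plaintexts and keys are constructed for illustration, and the encryption step is left out.

```python
import hashlib
import hmac
import os

MDC_HEADER = b"\xd3\x14"  # MDC packet tag 0xD3, length 0x14 (20-byte SHA-1)


def mdc_append(prefix: bytes, plaintext: bytes) -> bytes:
    """prefix || plaintext || MDC packet: the byte string that is then encrypted."""
    body = prefix + plaintext + MDC_HEADER
    return body + hashlib.sha1(body).digest()


def mdc_check(decrypted: bytes) -> bool:
    """Recompute SHA-1 over everything before the trailing 20-byte digest."""
    body, digest = decrypted[:-20], decrypted[-20:]
    ok = hmac.compare_digest(hashlib.sha1(body).digest(), digest)
    return body.endswith(MDC_HEADER) and ok


def mac_append(key: bytes, message: bytes) -> bytes:
    """Keyed contrast case (HMAC-SHA-1); not part of the OpenPGP MDC."""
    return message + hmac.new(key, message, hashlib.sha1).digest()


def mac_check(key: bytes, tagged: bytes) -> bool:
    message, tag = tagged[:-20], tagged[-20:]
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha1).digest(), tag)


def demo() -> dict:
    # Constructed sample prefix: 16 random bytes plus a repeat of the last two.
    rnd = os.urandom(16)
    prefix = rnd + rnd[-2:]
    intact = mdc_append(prefix, b"pay 10 EUR")
    damaged = bytearray(intact)
    damaged[20] ^= 0x01  # one flipped plaintext bit after decryption
    # No key is involved: whoever holds the plaintext can rebuild a valid MDC.
    rebuilt = mdc_append(prefix, b"pay 99 EUR")
    key = os.urandom(20)
    tagged = mac_append(key, b"pay 10 EUR")
    swapped = b"pay 99 EUR" + tagged[-20:]  # new text, old tag, no key
    return {
        "mdc_intact": mdc_check(intact),
        "mdc_damaged": mdc_check(bytes(damaged)),
        "mdc_rebuilt": mdc_check(rebuilt),
        "mac_intact": mac_check(key, tagged),
        "mac_swapped": mac_check(key, swapped),
    }
```

In OpenPGP the digest is encrypted together with the data, so the check catches manipulation of the ciphertext without identifying who produced the plaintext.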