AES/SHA1/Must/Should
Ian G <iang@systemics.com> Wed, 13 April 2005 21:32 UTC
Message-ID: <425D89E7.2000705@systemics.com>
Date: Wed, 13 Apr 2005 22:06:47 +0100
From: Ian G <iang@systemics.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: AES/SHA1/Must/Should

Is the draft 12 the current working text? I noticed it expires in another month.

Did we resolve the question of whether to make changes to the MUST / SHOULD algorithms?

I'm all in favour of saying AES-128 is now the MUST and triple DES becomes the SHOULD. In practice, most implementations would be there already as they will have done both (Cryptix Java is, and so is Perl's Crypt::OpenPGP).

SHA is harder as we've discussed. If we agree to leave matters lie, then here's one potential addition to 13 (I cribbed the wording from the other points, but any wording could be considered....):

13. Security Considerations - suggested addition

   * In October 2004, the Shandong University team of Wang, Yin, Yu
     announced attacks on reduced rounds of SHA1. Collisions are
     predicted in 2^69 steps rather than the full 2^80 steps. For
     this reason SHA1 is widely expected to be deprecated in coming
     years. Implementors may prefer to move to wider length SHA
     algorithms as appropriate.

iang
-- 
News and views on what matters in finance+crypto:
http://financialcryptography.com/