Re: [openpgp] SHA3 algorithm ids.

Paul Wouters <paul@nohats.ca> Sat, 08 August 2015 12:43 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40DCB1A872C for <openpgp@ietfa.amsl.com>; Sat, 8 Aug 2015 05:43:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0JILihXrf72E for <openpgp@ietfa.amsl.com>; Sat, 8 Aug 2015 05:43:27 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3FC61A7017 for <openpgp@ietf.org>; Sat, 8 Aug 2015 05:43:26 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3mpNWv57MZz3PG; Sat, 8 Aug 2015 14:43:23 +0200 (CEST)
Authentication-Results: mx.nohats.ca; dkim=pass (1024-bit key) header.d=nohats.ca header.i=@nohats.ca header.b=TPkEgfF4
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id Mm9GhnJDnTXX; Sat, 8 Aug 2015 14:43:21 +0200 (CEST)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sat, 8 Aug 2015 14:43:21 +0200 (CEST)
Received: from [192.168.0.16] (a11209.upc-a.chello.nl [62.163.11.209]) by bofh.nohats.ca (Postfix) with ESMTPSA id B402E800B3; Sat, 8 Aug 2015 08:43:20 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1439037800; bh=0aWTn7YPka0CDLCWSr2wpsGf3fk5NmlHAdcGzBSbcbA=; h=References:In-Reply-To:Cc:From:Subject:Date:To; b=TPkEgfF4obyjIFlckWkoybVkcbOKuHwtBcRcmYgbj2MGWaXjlpMS2G/IpqIo2WAes 4hzFuVSjurN8nayvotrKqJhh7KM6iJJUH76d8p39lX+SyTAsTDc+6TJeorJpcKGB5b cgPO58GWumu6rLv7lAasjCI0c0hGjKTX3htIJwy0=
References: <87y4hmi19i.fsf@vigenere.g10code.de>
Mime-Version: 1.0 (1.0)
In-Reply-To: <87y4hmi19i.fsf@vigenere.g10code.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <7540C7A9-2830-4A63-8310-B684796DA279@nohats.ca>
X-Mailer: iPhone Mail (13A4325c)
From: Paul Wouters <paul@nohats.ca>
Date: Sat, 8 Aug 2015 14:43:19 +0200
To: Werner Koch <wk@gnupg.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/bR20IDMPCeY_EoEa97Bguo_A3z4>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] SHA3 algorithm ids.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2015 12:43:29 -0000

What is the rationale to implement all sha3 variants?

I understand some protocols need lower grade versions for performance reasons but that seems to matter a lot less for openpgp usage. Why not just implement sha3-512?

Sent from my iPhone

> On Aug 8, 2015, at 11:21, Werner Koch <wk@gnupg.org>; wrote:
> 
> Hi!
> 
> Now that an official SHA3 specs has been published I would like to see
> algorithm ids assigned.  Although it is some time until we can publish
> rfc-4880bis, it would be useful to agree on the algorithm ids now.
> This would be helpful for experimental implementations.  Thus what about
> this new table with the SHA2 drop in replacements:
> 
>      ID           Algorithm                             Text Name
>      --           ---------                             ---------
>      1          - MD5 [HAC]                             "MD5"
>      2          - SHA-1 [FIPS180]                       "SHA1"
>      3          - RIPE-MD/160 [HAC]                     "RIPEMD160"
>      4          - Reserved
>      5          - Reserved
>      6          - Reserved
>      7          - Reserved
>      8          - SHA256 [FIPS180]                      "SHA256"
>      9          - SHA384 [FIPS180]                      "SHA384"
>      10         - SHA512 [FIPS180]                      "SHA512"
>      11         - SHA224 [FIPS180]                      "SHA224"
>      12         - SHA3-224 [FIPS202]                    "SHA3-224"
>      13         - SHA3-256 [FIPS202]                    "SHA3-256"
>      14         - SHA3-384 [FIPS202]                    "SHA3-384"
>      15         - SHA3-512 [FIPS202]                    "SHA3-512"
>      100 to 110 - Private/Experimental algorithm
> 
> Note that I ordered SHA3-224 first; when we did SHA2 we forgot about 224
> and thus it ended up out of order.
> 
> I am not sure about the text name.  Is a dash okay (cf. armor header)?
> 
> The OIDS are:
> 
>   The hexadecimal representations for the
>   currently defined hash algorithms are as follows:
> 
>     [...]  
> 
>     - SHA3-224:   0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x07
>     - SHA3-256:   0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08
>     - SHA3-384:   0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09
>     - SHA3-512:   0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0a
> 
>   The ASN.1 Object Identifiers (OIDs) are as follows:
> 
>     [...]
> 
>     - SHA3-224:   2.16.840.1.101.3.4.2.7
>     - SHA3-256:   2.16.840.1.101.3.4.2.8
>     - SHA3-384:   2.16.840.1.101.3.4.2.9
>     - SHA3-512:   2.16.840.1.101.3.4.2.10
> 
>   The full hash prefixes for these are as follows:
> 
>       [...]
> 
>       SHA3-224:   0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
>                   0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x07, 0x05,
>                   0x00, 0x04, 0x40
> 
>       SHA3-256:   0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
>                   0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x07, 0x05,
>                   0x00, 0x04, 0x40
> 
>       SHA3-384:   0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
>                   0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x07, 0x05,
>                   0x00, 0x04, 0x40
> 
>       SHA3-512:   0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
>                   0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x07, 0x05,
>                   0x00, 0x04, 0x40
> 
> 
> 
> Shalom-Salam,
> 
>   Werner
> 
> 
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> 
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp