Re: NIST publishes new DSA draft

Jon Callas <jon@callas.org> Sun, 19 March 2006 20:15 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FL4JZ-0001rx-7o for openpgp-archive@lists.ietf.org; Sun, 19 Mar 2006 15:15:49 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FL4JU-0000Db-No for openpgp-archive@lists.ietf.org; Sun, 19 Mar 2006 15:15:49 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2JJpLVZ072894; Sun, 19 Mar 2006 12:51:21 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k2JJpL8l072893; Sun, 19 Mar 2006 12:51:21 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2JJpKrI072886 for <ietf-openpgp@imc.org>; Sun, 19 Mar 2006 12:51:21 -0700 (MST) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7) for <ietf-openpgp@imc.org>; Sun, 19 Mar 2006 11:51:18 -0800
Received: from [130.129.130.213] ([130.129.130.213]) by keys.merrymeet.com (PGP Universal service); Sun, 19 Mar 2006 11:51:18 -0800
X-PGP-Universal: processed; by keys.merrymeet.com on Sun, 19 Mar 2006 11:51:18 -0800
Mime-Version: 1.0 (Apple Message framework v746.3)
In-Reply-To: <20060317174937.GC13241@jabberwocky.com>
References: <20060314194447.4D59A57FB0@finney.org> <20060316192823.GA9945@jabberwocky.com> <441ACF45.704@systemics.com> <87fylhdq36.fsf@wheatstone.g10code.de> <20060317174937.GC13241@jabberwocky.com>
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <3C3EAEDD-7724-4E92-AA3C-49B5B2E6F3F9@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: NIST publishes new DSA draft
Date: Sun, 19 Mar 2006 11:51:17 -0800
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.746.3)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25

I think we ought to keep it with the same algorithm number.

I'm happy to put in SHA-224 (meaning it's trivial work), but I don't  
like it, myself. The reason is that SHA-224 is really a truncated  
SHA-256. Thus, it has no advantages over SHA-256 except being smaller  
by 32-bits with 112 bits of security. The reason it exists at all is  
for crypto-balance with 2-key 3DES (which is not TDEA), which we  
don't allow at all. I don't think we should have it as it goes  
against our principles of wanting a minimum of 128-bits of security  
in OpenPGP. (Yes, yes, I know that SHA-1 doesn't meet this either,  
but until SHA-256, we didn't have many options. That doesn't mean the  
principle is wrong; we *have* options.)

	Jon