Re: [openpgp] New fingerprint: which hash algo (was: to v5 or not to v5)

Tom Ritter <tom@ritter.vg> Sun, 04 October 2015 17:28 UTC

Return-Path: <tom@ritter.vg>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7C401B2AF5 for <openpgp@ietfa.amsl.com>; Sun, 4 Oct 2015 10:28:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PrVL8zFHflGj for <openpgp@ietfa.amsl.com>; Sun, 4 Oct 2015 10:28:14 -0700 (PDT)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 040A41A7D82 for <openpgp@ietf.org>; Sun, 4 Oct 2015 10:28:14 -0700 (PDT)
Received: by ioiz6 with SMTP id z6so164359511ioi.2 for <openpgp@ietf.org>; Sun, 04 Oct 2015 10:28:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=fmBGKlZtuGHWN2jR3EL0CSE+y7qf2oVxh8g+6GpKRgM=; b=tP1i8Jx3HlZ8b7zlqNYiG/N9dKcPQuUu6BqJ0MMsQJoLy6iOaj6IkAAEV6su4ZIhxO S+rrjvexboQ8XCMAjeYB/QTwmDNW7/pkxaNdbV8taaKS7O1uvRPFh/UJPZoM7dpYL6hF n0k3D7/yQ/zGFZb/d06HqvYYVIlnJIOowVcuk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=fmBGKlZtuGHWN2jR3EL0CSE+y7qf2oVxh8g+6GpKRgM=; b=Ku/OqI7TCfVYdQCIEay75wUnMKSUdaVbDbVTs1cTjPuIDuuVea7tCAnnMZkBzwuSus P0qj6dTaXlon2U2bc7+VUbZVqfqsy9P0CEbKrw1kxGUBVb2nvL6aFgnyZaxav7yIITHM 6wzih2fvqi2RMBDMMpnR99dpu1IqzNyNRQHmu3445bAadrrna0obB2xgFSagMnxQJ66+ OkqkQgWQ2cu5xNsenew9LTKjjjZhLjK4x9nOOvDhQIRsxEh3qRvAyJ+ux24ee8j4L00B tNW2csQKsZ82oC+eI4pxl5SHKeurRlzzgU+W5uQZ4AGYNdZ/eL4xwCZqc3vPn5cL6VBK 37PQ==
X-Gm-Message-State: ALoCoQlBCSqqmz0HrcJ+1JT/4mN2DZSZHhoixZiVdyY1jBxZ2B2fvYpz8t37qP0sjiTeXlm+QlPf
X-Received: by 10.107.170.223 with SMTP id g92mr23231031ioj.79.1443979693366; Sun, 04 Oct 2015 10:28:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.95.195 with HTTP; Sun, 4 Oct 2015 10:27:53 -0700 (PDT)
In-Reply-To: <87mvw4ctv5.fsf_-_@vigenere.g10code.de>
References: <878u84zy4r.fsf@vigenere.g10code.de> <55FD7CF0.8030200@iang.org> <87io742kz7.fsf@latte.josefsson.org> <87mvw4ctv5.fsf_-_@vigenere.g10code.de>
From: Tom Ritter <tom@ritter.vg>
Date: Sun, 4 Oct 2015 12:27:53 -0500
Message-ID: <CA+cU71n1OUq4TtmY+8S2yfu2bvjAr+=DwtN-4xRW4xitjDpFXg@mail.gmail.com>
To: Simon Josefsson <simon@josefsson.org>, ianG <iang@iang.org>, IETF OpenPGP <openpgp@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/etrAtPq9dyIuEWVoHByOd2RgEFQ>
Subject: Re: [openpgp] New fingerprint: which hash algo (was: to v5 or not to v5)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Oct 2015 17:28:15 -0000

On 30 September 2015 at 01:18, Werner Koch <wk@gnupg.org>; wrote:
> On Mon, 21 Sep 2015 11:13, simon@josefsson.org said:
>
>> Regarding which hash to use, SHA-256 is probably the simplest choice
>> From a practicallity and consensus point of view.  Are there any strong
>> reasons to favor something else?

I have a small preference to see the fingerprint algorithm match what
we believe the most popular signature (hash) algorithm will be. I've
been working with a number of embedded folks and code size can often
be a big concern. More Algorithms, More Code.

-tom