Re: [openpgp] SHA3 algorithm ids.

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 10 August 2015 20:50 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5F081B3E57 for <openpgp@ietfa.amsl.com>; Mon, 10 Aug 2015 13:50:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8GY91ewZddaN for <openpgp@ietfa.amsl.com>; Mon, 10 Aug 2015 13:50:35 -0700 (PDT)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3E861B3E54 for <openpgp@ietf.org>; Mon, 10 Aug 2015 13:50:34 -0700 (PDT)
Received: by labd1 with SMTP id d1so46724953lab.1 for <openpgp@ietf.org>; Mon, 10 Aug 2015 13:50:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=wB94GFybf5CQOD44CC7CrOYGuk0h+GK8SmCWL8zuVnA=; b=kVmahdhWXtOWMIDHrSa3Fq3mGWuDe7eQNX/LtDpXAa99TqB0wDhf412fot13aLkAYY mfMREnG7eIO9OzQ22oukh02cG8ix6cNbURlra4p2DgsaL16ez0jwjSTXA2D6sdbJzSOY er0ELq4GyT6tX1oyOSzVxnrlanX4vjSfMWTvaig9ieFd1XeMIgiX07AmEXeQTTEe+eYX +gFg/iQXoSzZZoxa/BxuYylCatq7M/koLpEw6azOIKjoFpFssphcw/v0u4XLbpw3y2mO 7lZtJKDHM9pEYxl31aohXjyFqNeGiDCvxcqAfO/+7488EcGhzo2xj82LbfzZOMiMO2Pu DREA==
MIME-Version: 1.0
X-Received: by 10.112.12.233 with SMTP id b9mr21833162lbc.91.1439239832990; Mon, 10 Aug 2015 13:50:32 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Mon, 10 Aug 2015 13:50:32 -0700 (PDT)
In-Reply-To: <sjma8tztbgo.fsf@securerf.ihtfp.org>
References: <87y4hmi19i.fsf@vigenere.g10code.de> <7540C7A9-2830-4A63-8310-B684796DA279@nohats.ca> <55C681FC.9010100@iang.org> <sjma8tztbgo.fsf@securerf.ihtfp.org>
Date: Mon, 10 Aug 2015 16:50:32 -0400
X-Google-Sender-Auth: 1wbDkUcKbZ9xeA_-cN4tfuNueag
Message-ID: <CAMm+Lwj7SxXTn+KD-eQSeZHwJB36tCgD1t0bodVsp3ovOaZ8mw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Derek Atkins <derek@ihtfp.com>
Content-Type: multipart/alternative; boundary=001a11c3b9defdfa64051cfb22f8
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/sEas-oYel1GLNZG76NQdhweLyFo>
Cc: IETF OpenPGP <openpgp@ietf.org>, ianG <iang@iang.org>
Subject: Re: [openpgp] SHA3 algorithm ids.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 20:50:37 -0000

I agree with Derek (I think).

There is a very clear need for 512 bits and there is a case for 256 bits.
It does not seem very likely that the other sizes will get use.

The competition did result in restoring most people's confidence in SHA-2.
It is widely deployed and used today. So I don't see a case for deprecating
any of the SHA-2 bit sizes.


Right now Comodo and various other CAs are using SHA-2-384 in our ECC certs
but that is based on using the NIST curves. It would not surprise me if
people using SHA-2 made the same choice. It is quite clear that the CFRG
ECC signature scheme will use 512 bit and that is the algorithm most likely
to be used with SHA-3.

Given that email recipients tend to end up having to implement all the code
points in a cipher suite because they can't really control what is sent, I
think it is a good plan to be a little parsimonious in selecting key sizes
and avoid choosing key strengths that aren't likely to see use.


On Mon, Aug 10, 2015 at 11:22 AM, Derek Atkins <derek@ihtfp.com>; wrote:

> ianG <iang@iang.org>; writes:
>
> > One would be good.  Suits me to go for the longest one.
>
> Possibly two...  But the SHA3 competition has shown that SHA2 is pretty
> darn good...
>
> > How about this:
> >
> >
> >
> >>>       ID           Algorithm                             Text Name
> >>>       --           ---------                             ---------
> >
> > snip
> >
> >>>       12         - RESERVED
> >>>       13         - RESERVED
> >>>       14         - RESERVED
> >>>       15         - SHA3-512 [FIPS202]                    "SHA3-512"
> >
> >
> >
> > And while we're at it, can we add DEPRECATED to all the rest except
> > SHA(2)512 ?
>
> I see no reason to deprecate SHA2-256.  But I'm fine with all the rest.
>
> > iang
>
> -derek
> --
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
>