Re: [openpgp] SHA3 algorithm ids.
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 10 August 2015 20:50 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5F081B3E57 for <openpgp@ietfa.amsl.com>; Mon, 10 Aug 2015 13:50:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8GY91ewZddaN for <openpgp@ietfa.amsl.com>; Mon, 10 Aug 2015 13:50:35 -0700 (PDT)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3E861B3E54 for <openpgp@ietf.org>; Mon, 10 Aug 2015 13:50:34 -0700 (PDT)
Received: by labd1 with SMTP id d1so46724953lab.1 for <openpgp@ietf.org>; Mon, 10 Aug 2015 13:50:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=wB94GFybf5CQOD44CC7CrOYGuk0h+GK8SmCWL8zuVnA=; b=kVmahdhWXtOWMIDHrSa3Fq3mGWuDe7eQNX/LtDpXAa99TqB0wDhf412fot13aLkAYY mfMREnG7eIO9OzQ22oukh02cG8ix6cNbURlra4p2DgsaL16ez0jwjSTXA2D6sdbJzSOY er0ELq4GyT6tX1oyOSzVxnrlanX4vjSfMWTvaig9ieFd1XeMIgiX07AmEXeQTTEe+eYX +gFg/iQXoSzZZoxa/BxuYylCatq7M/koLpEw6azOIKjoFpFssphcw/v0u4XLbpw3y2mO 7lZtJKDHM9pEYxl31aohXjyFqNeGiDCvxcqAfO/+7488EcGhzo2xj82LbfzZOMiMO2Pu DREA==
MIME-Version: 1.0
X-Received: by 10.112.12.233 with SMTP id b9mr21833162lbc.91.1439239832990; Mon, 10 Aug 2015 13:50:32 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Mon, 10 Aug 2015 13:50:32 -0700 (PDT)
In-Reply-To: <sjma8tztbgo.fsf@securerf.ihtfp.org>
References: <87y4hmi19i.fsf@vigenere.g10code.de> <7540C7A9-2830-4A63-8310-B684796DA279@nohats.ca> <55C681FC.9010100@iang.org> <sjma8tztbgo.fsf@securerf.ihtfp.org>
Date: Mon, 10 Aug 2015 16:50:32 -0400
X-Google-Sender-Auth: 1wbDkUcKbZ9xeA_-cN4tfuNueag
Message-ID: <CAMm+Lwj7SxXTn+KD-eQSeZHwJB36tCgD1t0bodVsp3ovOaZ8mw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Derek Atkins <derek@ihtfp.com>
Content-Type: multipart/alternative; boundary="001a11c3b9defdfa64051cfb22f8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/sEas-oYel1GLNZG76NQdhweLyFo>
Cc: IETF OpenPGP <openpgp@ietf.org>, ianG <iang@iang.org>
Subject: Re: [openpgp] SHA3 algorithm ids.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 20:50:37 -0000
I agree with Derek (I think). There is a very clear need for 512 bits and there is a case for 256 bits. It does not seem very likely that the other sizes will get use. The competition did result in restoring most people's confidence in SHA-2. It is widely deployed and used today. So I don't see a case for deprecating any of the SHA-2 bit sizes. Right now Comodo and various other CAs are using SHA-2-384 in our ECC certs but that is based on using the NIST curves. It would not surprise me if people using SHA-2 made the same choice. It is quite clear that the CFRG ECC signature scheme will use 512 bit and that is the algorithm most likely to be used with SHA-3. Given that email recipients tend to end up having to implement all the code points in a cipher suite because they can't really control what is sent, I think it is a good plan to be a little parsimonious in selecting key sizes and avoid choosing key strengths that aren't likely to see use. On Mon, Aug 10, 2015 at 11:22 AM, Derek Atkins <derek@ihtfp.com> wrote: > ianG <iang@iang.org> writes: > > > One would be good. Suits me to go for the longest one. > > Possibly two... But the SHA3 competition has shown that SHA2 is pretty > darn good... > > > How about this: > > > > > > > >>> ID Algorithm Text Name > >>> -- --------- --------- > > > > snip > > > >>> 12 - RESERVED > >>> 13 - RESERVED > >>> 14 - RESERVED > >>> 15 - SHA3-512 [FIPS202] "SHA3-512" > > > > > > > > And while we're at it, can we add DEPRECATED to all the rest except > > SHA(2)512 ? > > I see no reason to deprecate SHA2-256. But I'm fine with all the rest. > > > iang > > -derek > -- > Derek Atkins 617-623-3745 > derek@ihtfp.com www.ihtfp.com > Computer and Internet Security Consultant > > _______________________________________________ > openpgp mailing list > openpgp@ietf.org > https://www.ietf.org/mailman/listinfo/openpgp >
- [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Paul Wouters
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Christoph Anton Mitterer
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Christoph Anton Mitterer
- Re: [openpgp] SHA3 algorithm ids. Stephen Farrell
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Paul Wouters
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- [openpgp] Why or why not SHA{2,3}-512 (was: SHA3 … Werner Koch
- [openpgp] WWhy or why not SHA{2,3}-512 (was: SHA3… Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Daniel Kahn Gillmor
- Re: [openpgp] SHA3 algorithm ids. Daniel Kahn Gillmor
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- [openpgp] SHA-x performance (was: SHA3 algorithm … Werner Koch
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Daniel Kahn Gillmor
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Peter Gutmann
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Dang, Quynh
- Re: [openpgp] SHA-x performance Werner Koch
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA-x performance Werner Koch
- Re: [openpgp] Why or why not SHA{2, 3}-512 (was: … Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance Peter Gutmann
- Re: [openpgp] Why or why not SHA{2, 3}-512 Werner Koch
- Re: [openpgp] SHA-x performance ianG
- Re: [openpgp] SHA-x performance Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA-x performance ianG
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance Bill Frantz
- Re: [openpgp] SHA-x performance Hilarie Orman
- Re: [openpgp] WWhy or why not SHA{2, 3}-512 (was:… Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance NIIBE Yutaka
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA-x performance Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Bill Frantz
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA3 algorithm ids. Bill Frantz
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Andrey Jivsov
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Robert J. Hansen
- Re: [openpgp] SHA3 algorithm ids. Werner Koch