IETF Logo Mail Archive

Re: NIST publishes new DSA draft

Ian G <iang@systemics.com> Mon, 20 March 2006 20:15 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FLQmZ-0008Ar-7M for openpgp-archive@lists.ietf.org; Mon, 20 Mar 2006 15:15:15 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FLQmX-0001EY-Gi for openpgp-archive@lists.ietf.org; Mon, 20 Mar 2006 15:15:15 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2KJejPt025405; Mon, 20 Mar 2006 12:40:45 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k2KJejo6025404; Mon, 20 Mar 2006 12:40:45 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2KJeibK025398 for <ietf-openpgp@imc.org>; Mon, 20 Mar 2006 12:40:45 -0700 (MST) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 2384451D85; Mon, 20 Mar 2006 19:40:41 +0000 (GMT)
Message-ID: <441F04C7.1060909@systemics.com>
Date: Mon, 20 Mar 2006 20:38:47 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20051013)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: NIST publishes new DSA draft
References: <20060314194447.4D59A57FB0@finney.org> <20060316192823.GA9945@jabberwocky.com> <441ACF45.704@systemics.com> <87fylhdq36.fsf@wheatstone.g10code.de> <20060317174937.GC13241@jabberwocky.com> <3C3EAEDD-7724-4E92-AA3C-49B5B2E6F3F9@callas.org>
In-Reply-To: <3C3EAEDD-7724-4E92-AA3C-49B5B2E6F3F9@callas.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab

Jon Callas wrote:
> 
> I think we ought to keep it with the same algorithm number.
> 
> I'm happy to put in SHA-224 (meaning it's trivial work), but I don't  
> like it, myself. The reason is that SHA-224 is really a truncated  
> SHA-256. Thus, it has no advantages over SHA-256 except being smaller  
> by 32-bits with 112 bits of security. The reason it exists at all is  
> for crypto-balance with 2-key 3DES (which is not TDEA), which we  don't 
> allow at all. I don't think we should have it as it goes  against our 
> principles of wanting a minimum of 128-bits of security  in OpenPGP. 
> (Yes, yes, I know that SHA-1 doesn't meet this either,  but until 
> SHA-256, we didn't have many options. That doesn't mean the  principle 
> is wrong; we *have* options.)

In general I'd agree that the less algorithms/lengths
the better.  I'd certainly be keen to drop SHA-224 if
there is no good reason for it.

iang

v2.23.0 | Report a Bug | By Email