Re: [Sam Hartman] Openpgp comments

"Marko Kreen" <markokr@gmail.com> Fri, 22 September 2006 13:16 UTC

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=T3RcVcsfilDDPyjLtB2AvszwYGHYUiLeVmQJJgAVopQjlr5n1pS4IMz8XYDYWZuHpkEg4h/Z7uEeMc98acbP+9/mfnjF7mbcplFINsdZFtf2ZX+aFBlFyFNVcDbMAdGaAafCIGp0ZGBw0VmrJ7zO7rDr9YHanKQ8Snsg3sOs9so=
Message-ID: <e51f66da0609220541p47ed73ecke4d5599114f1eff2@mail.gmail.com>
Date: Fri, 22 Sep 2006 15:41:04 +0300
From: Marko Kreen <markokr@gmail.com>
To: Werner Koch <wk@gnupg.org>
Subject: Re: [Sam Hartman] Openpgp comments
Cc: Anton Stiglic <astiglic@okiok.com>, "Daniel A. Nagy" <nagydani@epointsystem.org>, OpenPGP <ietf-openpgp@imc.org>
In-Reply-To: <874pv24sey.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20060920115146.9E8981683A9@mail.okiok.com> <874pv24sey.fsf@wheatstone.g10code.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk

On 9/20/06, Werner Koch <wk@gnupg.org> wrote:
> On Wed, 20 Sep 2006 13:40, Anton Stiglic said:
> > NIST is planning to phase out SHA-1 by 2010, they are going with SHA-224,
> > SHA-256, SHA-384 and SHA-512.
> > http://csrc.nist.gov/hash_standards_comments.pdf
> >
> > In Canada, CSE will phase out SHA-1 for protected C information by 2008.
>
> A note to describe why we use SHA-1 with the MDC would really be
> appropriate.  We are not using it for authentication but to detect
> manipulation of data.  This is commonly known as a checksum.  Thus,
> the acronym MDC and not MAC.  To me detection and authentication have
> different semantics.
>
> It has been said a few times: The MDC is not what we need to care
> about when thinking of SHA-1 vulnerabilities.  There are other usages
> of SHA-1 we need to rethink.

And that reasoning should be in 2440bis.

I think it's too early to get excited about politics.  The issue is
much simpler - non-experts are in no position to 'evaluate' OpenPGP's
use of SHA-1, they depend on the opinion on experts whether an algorithm
is generally secure.

So if 2440bis wants to appear secure by today's standards (for
general public), it needs to either use generally known safe algorithms
or explicitly document that the weaknesses in older algorithms it uses
are taken account of.

-- 
marko

[Sam Hartman] Openpgp comments Derek Atkins
Re: [Sam Hartman] Openpgp comments "Hal Finney"
Re: [Sam Hartman] Openpgp comments Jon Callas
Re: [Sam Hartman] Openpgp comments David Shaw
Re: [Sam Hartman] Openpgp comments Ian G
Re: [Sam Hartman] Openpgp comments Werner Koch
Re: [Sam Hartman] Openpgp comments Ian G
Re: [Sam Hartman] Openpgp comments David Shaw
Re: [Sam Hartman] Openpgp comments Werner Koch
Re: [Sam Hartman] Openpgp comments David Shaw
Re: [Sam Hartman] Openpgp comments Ian G
Re: [Sam Hartman] Openpgp comments Jon Callas
Re: [Sam Hartman] Openpgp comments Daniel A. Nagy
Re: [Sam Hartman] Openpgp comments David Shaw
Re: [Sam Hartman] Openpgp comments Daniel A. Nagy
RE: [Sam Hartman] Openpgp comments Anton Stiglic
Re: [Sam Hartman] Openpgp comments Werner Koch
Re: [Sam Hartman] Openpgp comments Lutz Donnerhacke
Re: [Sam Hartman] Openpgp comments Marko Kreen