Re: [Sam Hartman] Openpgp comments

"Marko Kreen" <markokr@gmail.com> Fri, 22 September 2006 13:16 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GQktc-0004rX-3L for openpgp-archive@lists.ietf.org; Fri, 22 Sep 2006 09:16:48 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GQkta-0001B0-NH for openpgp-archive@lists.ietf.org; Fri, 22 Sep 2006 09:16:48 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k8MCf8nK042123; Fri, 22 Sep 2006 05:41:08 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k8MCf8g2042122; Fri, 22 Sep 2006 05:41:08 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k8MCf5du042113 for <ietf-openpgp@imc.org>; Fri, 22 Sep 2006 05:41:06 -0700 (MST) (envelope-from markokr@gmail.com)
Received: by nf-out-0910.google.com with SMTP id o60so1055945nfa for <ietf-openpgp@imc.org>; Fri, 22 Sep 2006 05:41:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=T3RcVcsfilDDPyjLtB2AvszwYGHYUiLeVmQJJgAVopQjlr5n1pS4IMz8XYDYWZuHpkEg4h/Z7uEeMc98acbP+9/mfnjF7mbcplFINsdZFtf2ZX+aFBlFyFNVcDbMAdGaAafCIGp0ZGBw0VmrJ7zO7rDr9YHanKQ8Snsg3sOs9so=
Received: by 10.49.8.1 with SMTP id l1mr1918809nfi; Fri, 22 Sep 2006 05:41:04 -0700 (PDT)
Received: by 10.49.65.12 with HTTP; Fri, 22 Sep 2006 05:41:04 -0700 (PDT)
Message-ID: <e51f66da0609220541p47ed73ecke4d5599114f1eff2@mail.gmail.com>
Date: Fri, 22 Sep 2006 15:41:04 +0300
From: "Marko Kreen" <markokr@gmail.com>
To: "Werner Koch" <wk@gnupg.org>
Subject: Re: [Sam Hartman] Openpgp comments
Cc: "Anton Stiglic" <astiglic@okiok.com>, "Daniel A. Nagy" <nagydani@epointsystem.org>, OpenPGP <ietf-openpgp@imc.org>
In-Reply-To: <874pv24sey.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20060920115146.9E8981683A9@mail.okiok.com> <874pv24sey.fsf@wheatstone.g10code.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 97adf591118a232206bdb5a27b217034

On 9/20/06, Werner Koch <wk@gnupg.org> wrote:
> On Wed, 20 Sep 2006 13:40, Anton Stiglic said:
> > NIST is planning to phase out SHA-1 by 2010, they are going with SHA-224,
> > SHA-256, SHA-384 and SHA-512.
> > http://csrc.nist.gov/hash_standards_comments.pdf
> >
> > In Canada, CSE will phase out SHA-1 for protected C information by 2008.
>
> A note to describe why we use SHA-1 with the MDC would really be
> appropriate.  We are not using it for authentication but to detect
> manipulation of data.  This is commonly known as a checksum.  Thus,
> the acronym MDC and not MAC.  To me detection and authentication have
> different semantics.
>
> It has been said a few times: The MDC is not what we need to care
> about when thinking of SHA-1 vulnerabilities.  There are other usages
> of SHA-1 we need to rethink.

And that reasoning should be in 2440bis.

I think it's too early to get excited about politics.  The issue is
much simpler - non-experts are in no position to 'evaluate' OpenPGP's
use of SHA-1, they depend on the opinion on experts whether an algorithm
is generally secure.

So if 2440bis wants to appear secure by today's standards (for
general public), it needs to either use generally known safe algorithms
or explicitly document that the weaknesses in older algorithms it uses
are taken account of.

-- 
marko