Re: [OPSEC] minutes part 2

R Atkinson <ran.atkinson@gmail.com> Mon, 29 December 2008 22:28 UTC


On 29 Dec 2008, at 17:00, Vishwas Manral wrote:
> "Regardless of use, NIST encourages application and protocol designers
> to use the SHA-2 family of hash functions for all new applications and
> protocols."

Really, folks can (and likely have) read the whole URL by now.

Your quote above continues to be presented out of context.

The context of the quote is that SHA-0 and SHA-1 ought not be used,
so NIST considers SHA-2 preferable to SHA-0 and SHA-1.  As I've
*repeatedly* said, this is not surprising.  NIST only recommends
NIST algorithms.  NIST's only hash algorithm at present is SHA.
SHA-2 is the form of SHA with the longest key size.  NIST has
to recommend some NIST algorithm.  So the outcome is not a surprise.

In the interest of WG list bandwidth, and at the suggestion of
private email from some on this list, I will probably start
ignoring your notes about this narrow topic -- until you can
provide a refereed paper or two.

I can't tell if there is a language issue here or something else
is going on, but repetition isn't helping the WG make headway.

I've also asked Hugo if he might be kind enough to send
some citations to relevant refereed papers directly to this list.
Then folks here can read and review collectively whatever
appears from whoever finds any such papers.

> I agree AES took about 9 years to be mandated in
> say the IPsec RFC (so a bit less than 10 years).


You must have misread my note.  AES-CBC for IPsec shipped
in about 12 months, not 9 years.  AES-CBC for ESP shipped
well before the RFC was published, as I recall.

Oh, and NIST selecting AES took about 4 years (URL below
says 1997 to 2000/2001).

NIST's web page also says they expect to announce a new
hash function in 2012 (URL below).  Four years is somewhat
less than half of "10 years" from now.

Yours,

Ran


NIST Hash Timeline (includes AES timeline also):
	<http://csrc.nist.gov/groups/ST/hash/timeline.html>

