Re: [OPSEC] minutes part 2
R Atkinson <ran.atkinson@gmail.com> Mon, 29 December 2008 22:28 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C7EFF3A67B3; Mon, 29 Dec 2008 14:28:38 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 755153A67B3 for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 14:28:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e1zEJx3CeAP3 for <opsec@core3.amsl.com>; Mon, 29 Dec 2008 14:28:36 -0800 (PST)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.25]) by core3.amsl.com (Postfix) with ESMTP id 6587F3A6452 for <opsec@ietf.org>; Mon, 29 Dec 2008 14:28:36 -0800 (PST)
Received: by qw-out-2122.google.com with SMTP id 3so2784129qwe.31 for <opsec@ietf.org>; Mon, 29 Dec 2008 14:28:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=XobhOWw7+6IvBtlS/U+kOB7+bcc759M+uV9+g8SGcw4=; b=QlbsQu2QDKevrfyCoG2Dt+tvT9ABWkX9wlvrs59dV9tvT3yFv9IPTVzQKQ7VgiuIYG VU0GoLIFOB3reh72x188yArOtAvKio+Td0PjMAItkgdg6UpSFUK3t6AQFfETegadH9P3 Hx5x1wjPPZp8cqx5SILPMbwduI1bodYQSn5Nw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=ds17QqUqOqZ3YXrRjo3ynWcmyNBLTbjgbILsoLoCVoUhDsURMdbVL/8QiyzabU8Hwe /q6nH77y+iln5gXdWSRflg9vVjfg2sXe4fyJF//Vmm7SBug8K8I+jnGbCAiwYV16UOvK f2N47CsYes44izfJeNJcoapm7EqqvN0ZSm0M0=
Received: by 10.214.242.13 with SMTP id p13mr11827903qah.75.1230589705064; Mon, 29 Dec 2008 14:28:25 -0800 (PST)
Received: from ?10.30.20.71? (pool-72-84-80-181.nrflva.fios.verizon.net [72.84.80.181]) by mx.google.com with ESMTPS id 5sm2067769ywl.1.2008.12.29.14.28.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 29 Dec 2008 14:28:24 -0800 (PST)
Message-Id: <A7576232-5353-42D7-A956-B78C835C1969@gmail.com>
From: R Atkinson <ran.atkinson@gmail.com>
To: opsec@ietf.org
In-Reply-To: <77ead0ec0812291400g5819c929y718683de7fa3ed45@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Mon, 29 Dec 2008 17:28:23 -0500
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com> <77ead0ec0812231006u55443dacn1731f51a8e922b62@mail.gmail.com> <8CA72870-DEB9-4979-8478-ED5467AF3DD3@gmail.com> <77ead0ec0812231556t73e24f17m9d52862672b22dc5@mail.gmail.com> <4070E95B-4E30-4B1F-90F1-B20F67EDEDFF@gmail.com> <77ead0ec0812291316h75c87da3i190cb23996e09a10@mail.gmail.com> <104A40DD-D2FB-48F2-A5D2-28C0E4ADA663@gmail.com> <77ead0ec0812291400g5819c929y718683de7fa3ed45@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] minutes part 2
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org
On 29 Dec 2008, at 17:00, Vishwas Manral wrote: > "Regardless of use, NIST encourages application and protocol designers > to use the SHA-2 family of hash functions for all new applications and > protocols." Really, folks can (and likely have) read the whole URL by now. Your quote above continues to be presented out of context. The context of the quote is that SHA-0 and SHA-1 ought not be used, so NIST considers SHA-2 preferable to SHA-0 and SHA-1. As I've *repeatedly* said, this is not surprising. NIST only recommends NIST algorithms. NIST's only hash algorithm at present is SHA. SHA-2 is the form of SHA with the longest key size. NIST has to recommend some NIST algorithm. So the outcome is not a surprise. In the interest of WG list bandwidth, and at the suggestion of private email from some on this list, I will probably start ignoring your notes about this narrow topic -- until you can provide a refereed paper or two. I can't tell if there is a language issue here or something else is going on, but repetition isn't helping the WG make headway. I've also asked Hugo if he might be kind enough to send some citations to relevant refereed papers directly to this list. Then folks here can read and review collectively whatever appears from whomever finds any such papers. > I agree AES took about 9 years to be mandated in > say the IPsec RFC (so a bit lesser than 10 years). You must have misread my note. AES-CBC for IPsec shipped in about 12 months, not 9 years. AES-CBC for ESP shipped well before the RFC was published, as I recall. Oh, and NIST selecting AES took about 4 years (URL below says 1997 to 2000/2001). NIST's web page also says they expect to announce a new hash function in 2012 (URL below). Four years is somewhat less than half of "10 years" from now. Yours, Ran NIST Hash Timeline (includes AES timeline also): <http://csrc.nist.gov/groups/ST/hash/timeline.html> _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- [OPSEC] Prospective issue with IPsec ESP-NULL & I… R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Vishwas Manral
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Vishwas Manral
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… R Atkinson
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] Prospective issue with IPsec ESP-NULL… Darrel Lewis (darlewis)
- Re: [OPSEC] minutes part 2 Darrel Lewis (darlewis)
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Bhatia, Manav (Manav)
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Glen Kent
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 RJ Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Joel Jaeggli
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- [OPSEC] FW: minutes part 2 Michael Barnes
- Re: [OPSEC] FW: minutes part 2 Smith, Donald
- Re: [OPSEC] FW: minutes part 2 Michael Barnes
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson
- Re: [OPSEC] minutes part 2 Vishwas Manral
- Re: [OPSEC] minutes part 2 R Atkinson