Re: [secdir] a few new algs and a bunch of deprecation
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 04 November 2015 04:22 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A31B1A916B for <secdir@ietfa.amsl.com>; Tue, 3 Nov 2015 20:22:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SzkVJoGz0LK2 for <secdir@ietfa.amsl.com>; Tue, 3 Nov 2015 20:22:44 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D80711A9154 for <secdir@ietf.org>; Tue, 3 Nov 2015 20:22:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id AB7BFBE2F; Wed, 4 Nov 2015 04:22:42 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JtJ6CexFfc-k; Wed, 4 Nov 2015 04:22:41 +0000 (GMT)
Received: from [133.93.24.87] (unknown [133.93.24.87]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 91544BDF9; Wed, 4 Nov 2015 04:22:39 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1446610961; bh=UYdkLN24NpAp7lH5prfvY45T1C/02fRxaJRfNFVXfpk=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=sdLSGwf5sHSZAUZmhYiiu1as/CVYZqx/zzaUqy8C5ZAq4zw58UkqOmrutBK2RufLL rocRDPbimuOdqpNdZE5D57oRZH+Q0XbStzNCXoIFBz/zxWu8wpOXKOa8aNF+2NTzGn JGP9XT97RY4sK24Xe5AHdjpVg0MdxQmdf5+CsuAs=
To: Yoav Nir <ynir.ietf@gmail.com>, Simon Josefsson <simon@josefsson.org>
References: <56383A36.3020200@cs.tcd.ie> <20151103095611.33a536b9@latte.josefsson.org> <5113E79E-D8DA-4B19-A730-2EDC58FCE41A@gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56398808.6000005@cs.tcd.ie>
Date: Wed, 04 Nov 2015 04:22:32 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <5113E79E-D8DA-4B19-A730-2EDC58FCE41A@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/1cAMK1DdP5ESbpP2IF_mG3oWDpM>
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] a few new algs and a bunch of deprecation
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2015 04:22:46 -0000
As nobody said this was crazy, I'll shoot a mail to saag and we can discuss it there. The issue of how this would relate to existing WGs is clearly a fine one to chat about. Cheers, S. On 03/11/15 12:48, Yoav Nir wrote: > >> On 3 Nov 2015, at 5:56 PM, Simon Josefsson <simon@josefsson.org> wrote: >> >> I'm following Curve25519/Ed25519 use in IETF protocols and is >> interested in helping that effort. It seems the intersection between >> this putative WG and existing WGs needs to be carefully explained >> though, it isn't clear to me how it could be done. Isn't deprecating >> crypto parts of a protocol up to each protocol community to think >> about? We've seen with TLS, OpenPGP, Secure Shell and PKIX that >> adding Curve25519/Ed25519 is highly protocol specific and requires >> domain knowledge. > > My take on this is the exact opposite. We’ve added ChaCha20/Poly1305 to SSH and TLS and IPsec. Same algorithm in all three (yes, I know SSH uses the old construction). > > We’re adding Curve25519/Ed25519 to SSH and TLS and IKE and PGP and PKIX. Same algorithm for all of them. > > Is it safe to use SHA-1 in signatures? Regardless of what you think the answer is, it is the same in TLS and PGP and IKE and SSH and PKIX. > > I think the best thing with such algorithms is to have guidance documents from either CFRG or Security AD-sponsored, and then have the separate protocol documents be little more than code point allocations. > > Yoav >
- [secdir] a few new algs and a bunch of deprecation Stephen Farrell
- Re: [secdir] a few new algs and a bunch of deprec… Simon Josefsson
- Re: [secdir] a few new algs and a bunch of deprec… Yoav Nir
- Re: [secdir] a few new algs and a bunch of deprec… Stephen Farrell
- Re: [secdir] a few new algs and a bunch of deprec… Simon Josefsson
- Re: [secdir] a few new algs and a bunch of deprec… Stephen Farrell