Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sha2

Paul Hoffman <phoffman@imc.org> Thu, 18 June 2009 16:35 UTC

To: Andrew Sullivan <ajs@shinkuro.com>, Eric Rescorla <ekr@networkresonance.com>
From: Paul Hoffman <phoffman@imc.org>
Cc: Jelte Jansen <jelte@NLnetLabs.nl>, secdir@ietf.org

At 11:14 AM -0400 6/18/09, Andrew Sullivan wrote:
>On Thu, Jun 18, 2009 at 07:06:14AM -0700, Eric Rescorla wrote:
>>
>> Well, I would ask why you're specifying either 384 or 512.
>>
>> SHA-256 would have to be weakened *very* badly before it would
>> be necessary to move up, at which point what makes you think
>> that SHA-384/512 will be strong?
>
>The point of this is just to get things done.  It has taken a
>remarkably long time to get this SHA-2 draft through the WG -- the
>current revision is -14, and when we started everyone (including the
>incredibly patient Jelte) thought this was a quick housekeeping
>problem.  The draft specifies 256, but while we were at it we thought
>512 might be a good idea too, so that it'd be done in case we needed
>it later.
>
>Does that change your response?

In the security area, we have discovered that if something security-related is defined, people will use it even if it is stupid. "That's a bigger number, so it will be safer" is a common theme, but so is "they would not have specified that algorithm unless they wanted everyone to implement it".

Thus, I think Eric's question still stands. Your response in the document could be "we define this because of the IETF overhead of doing so, not because we want you to use it now", but I suspect that will only reduce the number of people who use the signature algorithm for absolutely no good reason by less than 50%.