Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sha2
Jelte Jansen <jelte@NLnetLabs.nl> Thu, 18 June 2009 18:44 UTC
Return-Path: <jelte@NLnetLabs.nl>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D0FCF28C37F for <secdir@core3.amsl.com>; Thu, 18 Jun 2009 11:44:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.552
X-Spam-Level:
X-Spam-Status: No, score=-1.552 tagged_above=-999 required=5 tests=[AWL=-1.048, BAYES_00=-2.599, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMhiTyLJmRnm for <secdir@core3.amsl.com>; Thu, 18 Jun 2009 11:44:34 -0700 (PDT)
Received: from sol.nlnetlabs.nl (sol.nlnetlabs.nl [213.154.224.43]) by core3.amsl.com (Postfix) with ESMTP id 0214E3A69AE for <secdir@ietf.org>; Thu, 18 Jun 2009 11:44:34 -0700 (PDT)
Received: from jelte (vhe-520087.sshn.net [195.169.221.157]) by sol.nlnetlabs.nl (Postfix) with ESMTP id 70AC513002C; Thu, 18 Jun 2009 20:44:45 +0200 (CEST)
Received: from [192.168.8.11] (dragon [192.168.8.11]) by jelte (Postfix) with ESMTP id DD34BD0172; Thu, 18 Jun 2009 20:44:44 +0200 (CEST)
Message-ID: <4A3A8B1C.1090706@NLnetLabs.nl>
Date: Thu, 18 Jun 2009 20:44:44 +0200
From: Jelte Jansen <jelte@NLnetLabs.nl>
User-Agent: Thunderbird 2.0.0.21 (X11/20090409)
MIME-Version: 1.0
To: Paul Hoffman <phoffman@imc.org>
References: <4A3A0BEA.6090108@NLnetLabs.nl> <20090618140614.45F101BE038@kilo.networkresonance.com> <20090618151454.GH3542@shinkuro.com> <p06240804c6601c99c400@[10.20.30.158]> <20090618170248.GA4118@shinkuro.com> <p0624084dc6603011cd94@[10.20.30.158]>
In-Reply-To: <p0624084dc6603011cd94@[10.20.30.158]>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Andrew Sullivan <ajs@shinkuro.com>, secdir@ietf.org
Subject: Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sha2
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2009 18:44:42 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Hoffman wrote: > At 1:02 PM -0400 6/18/09, Andrew Sullivan wrote: > > "We're defining RSA/SHA-512 but we really don't think that there is any good use for it at this time. If we feel that there is a good reason for it, we will publish another RFC that explains why." > > Again, by the mere act of defining the code point, you will cause a huge waste of resources. Developers will code it prematurely. Naive sysadmins will sign their zones with it. The signatures will traverse the Internet. Just for a bit of recent history; originally the draft only defined 256. There were some people who wanted to do all SHA2 algorithms 'while we're at it' (the reasoning being, even if there is no known attack on 256 right now, it wouldn't hurt to have stronger algorithms in there to be ready for the future, not so much for the IETF overhead, but for deployment times). Because we didn't want to waste code points, we decided on selecting two. Conforming key sizes weren't taken into account here. Since most implementations use crypto libraries that either don't support SHA2 at all or support both 256 and 512, it doesn't seem like a waste of resources from an implementation point of view (of course I could be wrong here). I don't want to define something and essentially tell people not to use it until another RFC comes along; the definition could also go in there then. If it's defined I expect people to use it (in fact, partly due to some overeager developers and some misconceptions about the time this all would take, there happens to be one implementation in the wild that actually uses them right now, which isn't a problem, but will be if the code point that was chosen gets assigned to another algorithm). So, if it's up to me, SHA512 is going to be either in there 'fully' (albeit with keys that are way to small) or not at all. Jelte -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAko6ixwACgkQ4nZCKsdOncUEMQCeL+Q0TTxaKodXctBbCk4kAGTY O1AAn0QTG7lOIl1+iwT6nGqhAIOcfS6l =S4Sd -----END PGP SIGNATURE-----
- Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sh… Andrew Sullivan
- [secdir] SHA512 in draft-dnsext-dnssec-rsa-sha2 Jelte Jansen
- Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sh… Eric Rescorla
- Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sh… Paul Hoffman
- Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sh… Andrew Sullivan
- Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sh… Paul Hoffman
- Re: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sh… Jelte Jansen