[secdir] SHA512 in draft-dnsext-dnssec-rsa-sha2
Jelte Jansen <jelte@NLnetLabs.nl> Thu, 18 June 2009 09:44 UTC
Message-ID: <4A3A0BEA.6090108@NLnetLabs.nl>
Date: Thu, 18 Jun 2009 11:42:02 +0200
From: Jelte Jansen <jelte@NLnetLabs.nl>
To: secdir@ietf.org
Cc: Andrew Sullivan <ajs@shinkuro.com>
Subject: [secdir] SHA512 in draft-dnsext-dnssec-rsa-sha2
Hi,

I am the editor of http://tools.ietf.org/html/draft-ietf-dnsext-dnssec-rsasha256-14 which has seen its share of trouble, but is finally nearing WGLC. This draft defines the use of RSA/SHA256 and RSA/SHA512 with DNSSEC.

We were about to call it, when Alfred Hoenes mentioned to me that the IESG will probably raise an issue about the use of SHA512 in this draft. For practical reasons, it does not specify keys larger than 4096 bits to use with RSA/SHA-512, while normally, much larger key sizes are chosen for use with the bigger digest values. So he suspects that this definition should be removed or reduced to SHA/384.

So my question is, do you as the security directorate think the same, and should I change this before going into last call?

Thanks,

Jelte Jansen
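As an added illustration (not part of Jelte's message or of the draft), a validator-side sanity check for the mismatch the message describes: it parses the RSA public key bytes in the RFC 3110 wire encoding that a DNSKEY carries, reports the modulus size against the 4096-bit ceiling the draft sets for RSA/SHA-512, and sets that next to the approximate RSA security strengths from NIST SP 800-57. The key bytes are constructed (not a real key) and the strength table is taken from SP 800-57, not from the draft.

```python
import struct
from typing import Dict, Tuple

# Ceiling the draft sets for RSA/SHA-512 keys (from the message above).
DNSKEY_RSA_SHA512_MAX_BITS = 4096
# Approximate strengths of RSA moduli per NIST SP 800-57 Part 1 (assumption,
# not from the draft); SHA-512 itself is rated at 256 bits.
RSA_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
SHA512_STRENGTH_BITS = 256


def parse_rsa_public_key(rdata: bytes) -> Tuple[int, int]:
    """Return (exponent, modulus_bits) from RFC 3110 public key bytes:
    1-byte exponent length (or 0x00 + 2-byte length), exponent, modulus."""
    if len(rdata) < 3:
        raise ValueError("key too short")
    exp_len, offset = rdata[0], 1
    if exp_len == 0:  # long form: two-byte exponent length follows
        (exp_len,) = struct.unpack("!H", rdata[1:3])
        offset = 3
    exponent = int.from_bytes(rdata[offset:offset + exp_len], "big")
    modulus = rdata[offset + exp_len:]
    if not modulus or modulus[0] == 0:
        raise ValueError("missing or non-minimal modulus")
    return exponent, (len(modulus) - 1) * 8 + modulus[0].bit_length()


def rsa_strength_bits(modulus_bits: int) -> int:
    """Largest SP 800-57 strength whose minimum modulus size the key meets."""
    return max((bits for size, bits in RSA_STRENGTH if modulus_bits >= size), default=0)


def check_rsa_sha512_key(rdata: bytes) -> Dict[str, int]:
    """Sanity-check an RSA/SHA-512 DNSKEY against the draft's 4096-bit ceiling
    and show how far the modulus falls short of the digest's strength."""
    exponent, bits = parse_rsa_public_key(rdata)
    return {
        "exponent": exponent,
        "modulus_bits": bits,
        "within_draft_limit": bits <= DNSKEY_RSA_SHA512_MAX_BITS,
        "rsa_strength": rsa_strength_bits(bits),
        "digest_strength": SHA512_STRENGTH_BITS,
    }


def constructed_key(modulus_bytes: int, exponent: int = 65537) -> bytes:
    """Constructed RFC 3110 key bytes for testing; the modulus is a filler
    pattern with its top bit set, not a real RSA modulus."""
    exp = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    length = bytes([len(exp)]) if len(exp) < 256 else b"\x00" + struct.pack("!H", len(exp))
    return length + exp + b"\xa5" * modulus_bytes
```

A 4096-bit key passes the draft's limit but rates at roughly 128 bits of strength next to SHA-512's 256, which is the gap Alfred Hoenes pointed at.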