Re: [TLS] FNV versus SHA-1 in cached info

Nicolas Williams <Nicolas.Williams@oracle.com> Fri, 07 May 2010 20:21 UTC

Date: Fri, 07 May 2010 15:20:55 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Stefan Santesson <stefan@aaa-sec.com>
Message-ID: <20100507202055.GK9429@oracle.com>
References: <C809D93D.A4C1%uri@ll.mit.edu> <C80A3D80.A9E5%stefan@aaa-sec.com>
In-Reply-To: <C80A3D80.A9E5%stefan@aaa-sec.com>
Cc: Simon Josefsson <simon@josefsson.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] FNV versus SHA-1 in cached info

On Fri, May 07, 2010 at 09:58:24PM +0200, Stefan Santesson wrote:
> Let me remind that we started off with SHA-1 with no agility.
> 
> That kicked off a lot of debate whether agility was required and the general
> opinion was that we needed agility, so agility was added.

Your use is not for cryptographic purposes, therefore you don't need
hash agility.

In GS2, for example, we use a hash function to derive SASL mechanism
names from GSS-API mechanism OIDs.  We don't care about collisions, and
there are no attacks on hash functions that result in attacks on GS2
from this use of hashing.  Hash agility in the GS2 case would be worse
than stupid: changing hash functions would break applications.

The answer to "where's the hash agility?" is "we don't need it because
we're not using SHA-1 for its cryptographic properties".

By accepting that "hash agility" goes with "cryptographic hash function"
even when you neither need nor depend on its cryptographic properties
you've simply caused yourself to do a sizeable amount of pointless work
(FNV).  And not just you, but also implementors (yeah, if they use one
of the languages for which you include implementations then they can
cut-n-paste from your document, after getting approval from their
lawyers).  Why do this to yourself and to the rest of us when there's a
much better answer?

Nico
--
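An added illustration of the GS2 derivation Nico points to (my own example, not code from the thread or from any GS2 implementation): RFC 5801 builds the SASL mechanism name from the first 55 bits of SHA-1 over the DER-encoded GSS-API mechanism OID, base32-encoded and prefixed with "GS2-". The `hash_name` parameter is my addition, assumed here only to show why "agility" in this setting would break every deployed name; the RFC itself fixes SHA-1.

```python
import base64
import hashlib


def der_encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID (tag 0x06, short-form length, base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: %s" % dotted)
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one octet
    for arc in arcs[2:]:
        # big-endian base-128 groups, continuation bit set on all but the last
        chunks = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunks.append((arc & 0x7F) | 0x80)
            arc >>= 7
        body.extend(reversed(chunks))
    if len(body) >= 128:
        raise ValueError("OID too long for short-form length")  # never hit in practice
    return bytes([0x06, len(body)]) + bytes(body)


def gs2_mech_name(dotted_oid: str, hash_name: str = "sha1") -> str:
    """RFC 5801 3.1: 'GS2-' + base32 of the first 55 bits of SHA-1(DER(OID)).

    hash_name is an assumed knob added for illustration; the RFC fixes SHA-1.
    The hash is used purely as a stable identifier: collision resistance is
    irrelevant, but changing the function would rename every mechanism.
    """
    digest = hashlib.new(hash_name, der_encode_oid(dotted_oid)).digest()
    # 7 bytes = 56 bits -> 12 base32 chars; dropping the 12th leaves exactly 55 bits
    return "GS2-" + base64.b32encode(digest[:7]).decode("ascii")[:11]


if __name__ == "__main__":
    krb5 = "1.2.840.113554.1.2.2"  # Kerberos V5 GSS-API mechanism OID
    print(der_encode_oid(krb5).hex())
    print(gs2_mech_name(krb5))
    # the "agile" variant yields an unrelated, non-interoperable name
    print(gs2_mech_name(krb5, "sha256"))
```

Note that RFC 5801 assigns the fixed name "GS2-KRB5" to the Kerberos mechanism; the computed form applies to mechanisms without a registered name.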