Re: [TLS] Consensus Call: FNV vs SHA1

[Paul Hoffman <paul.hoffman@vpnc.org>]

At 2:09 PM -0500 5/10/10, Nicolas Williams wrote:
>On Mon, May 10, 2010 at 10:39:28AM -0700, Joseph Salowey (jsalowey) wrote:
>> I don't see much new being added to this discussion at this point.  I'd
>> like to close on this.  If you have an opinion please indicate if:
>>
>> a) You favor SHA-1
>> b) You favor FNV-1a
>
>I lean towards (a) from a purely political point of view: I don't think
>it's a good idea to train auditors to act reflexively.  However, from a
>purely technical point of view I have no preference whatsoever at this
>time, but I'd like answers to my questions below.
>
>If the consensus is (b) then I think the following changes should be
>made:
>
> - Add an informative reference to FNV (and expand the acronym).
>
> - Refer to FNV as a checksum (or even hash, or better, non-
>   cryptographic hash) rather than as a digest.
>
>   In the context of TLS )RFC5246), "digest" definitely refers to
>   cryptographic hash functions.  We should not confuse the terminology.
>
> - Add a description of what happens if cached object checksums collide.
>
>   No, the current security considerations section doesn't deal with
>   this, and rightly so _if_ collisions are not a security problem, but
>   what happens when there are collisions?  Do hanshakes fail?
>
>   Also, could caching have been done without reference to hash
>   functions?  E.g., by having servers assign IDs to objects for client
>   caching?  Is it too late to consider this approach?

Again, +1 to what Nico says here. If we're trying to make using FNV sensible for future use as well, let's do the work to get it right here.

--Paul Hoffman, Director
--VPN Consortium