Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
Stefan Santesson <stefan@aaa-sec.com> Thu, 25 February 2010 13:25 UTC
Date: Thu, 25 Feb 2010 14:27:39 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Yoav Nir <ynir@checkpoint.com>, Marsh Ray <marsh@extendedsubset.com>
Cc: "Kemp, David P." <DPKemp@missi.ncsc.mil>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

I think this issue is blown totally out of any reasonable proportions.
This is not the first time a hash is used to provide an identifier where no
strong collision resistance is required.

I don't want to break my back to avoid using a perfectly suitable hash
algorithm just for political reasons.

/Stefan

On 10-02-25 7:06 AM, "Yoav Nir" <ynir@checkpoint.com> wrote:

> Something like this algorithm also has the benefit of side-stepping the whole
> national algorithms issue.
>
> While "American" crypto algorithms may be unacceptable in Russia, perhaps an
> "American" non-crypto algorithm would be acceptable, and we won't need a GOST
> version.
>
> (or Camellia)
>
> On Feb 24, 2010, at 11:02 PM, Marsh Ray wrote:
>
>> Kemp, David P. wrote:
>>> Marsh Ray wrote:
>>>> It will not be so fun to convince reviewers that "yes we're using
>>>> SHA-1 but not in a way that really matters."
>>>>
>>>> If all you need is a 64-bit checksum for data-structure-style
>>>> hashing and indexing, use any old old-fashioned checksum algorithm.
>>>>
>>>>
>>>> This would be simple for everyone to implement and it clearly
>>>> communicates your design intent (that the security of the design
>>>> does not depend on any properties of this value's calculation).
>>>
>>> +1 in principle.
>>>
>>> But practically speaking, do you have any suggestions for well-known
>>> non-cryptographic hash algorithms?
>>
>> Hmm, starting with http://en.wikipedia.org/wiki/List_of_hash_functions
>>
>> FNV seems like a good candidate.
>> http://en.wikipedia.org/wiki/Fowler-Noll-Vo_hash_function
>>
>> Pros:
>> * Wide existing usage:
>> http://www.isthe.com/chongo/tech/comp/fnv/index.html#history
>>
>> * On that page they disclaim patents on it.
>>
>> * It is defined in power-of-two sizes from 32 to 1024 bits.
>>
>> * Something of an endorsement:
>> "We experimented with several different hash functions and found FNV has
>> to be the best one."
>> http://domino.watson.ibm.com/library/cyberdig.nsf/papers/2314E66547EF9CC5852576BE005F1E4F/$File/rc24939.pdf
>>
>> Cons:
>>
>> * Uses multiply. Probably not a big deal in practice.
>>
>> * Not (yet) referenceable in a formal standards doc.
>>
>>> A quick IANA search turned up
>>> Kerberos checksums
>>> http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml,
>>> including CRC32 (4 octets), des-mac-k (8 octets), and several 16
>>> octet algorithms including MD4 and MD5.
>>
>> CRC64 doesn't seem to be so great with collisions:
>> http://www.cs.ucl.ac.uk/staff/d.jones/crcnote.pdf
>> The authors propose a better version.
>>
>> You could use a pair of (some variant of) CRC32, each preloaded with
>> different values. This may not be any better than CRC64 though and may
>> not be terribly efficient.
>>
>>> A search for other "hash", "mac", or "checksum" registries turned up
>>> nothing new.
>>>
>>> It doesn't feel quite right to add a non-cryptographic checksum to
>>> the RFC 5246 registry:
>>>
>>> enum { none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
>>> sha512(6), (255) } HashAlgorithm;
>>>
>>> so even if there were such an algorithm, permitting both it and
>>> cryptographic hashes would be painful.
>>
>> Is it really necessary for this to be a flexible parameter?
>>
>> An implementation now has a choice: implement them all (including ones
>> that are never used in practice), or risk not being compatible
>> somewhere.
>>
>>> I don't see an alternative that satisfies both "simple to implement"
>>> and "clearly communicates intent". My care-abouts are 1) a common
>>> interoperable algorithm and 2) bandwidth. Computation speed is
>>> unimportant,
>>
>> There's always code size to consider.
>>
>>> so if everyone thinks sha256 will be cryptographically
>>> viable for the foreseeable future and SHA-1 will soon be impossible
>>> to get "approved", then sha256 truncated to 64 bits could be a
>>> reasonable MUST-support algorithm.
>>
>> Now you'll have to explain why you're taking the output of an
>> industrial-strength hash function and throwing away 3/4 of it. :-) Plus,
>> it's wasted effort since collisions will be possible to find in any
>> 64-bit hash function.
>>
>> - Marsh
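
The two 64-bit identifier candidates named in this thread, as an added example that is not part of the original message or of the draft: FNV (the FNV-1a variant is assumed here) and SHA-256 truncated to 64 bits, plus a birthday search over a shortened tag showing that the work to find a collision tracks the output length for both. The 24-bit demonstration width, the function names, and the randomly generated sample blobs are assumptions made for illustration.

```python
import hashlib
import random

FNV64_OFFSET = 0xCBF29CE484222325  # FNV 64-bit offset basis
FNV64_PRIME = 0x100000001B3        # FNV 64-bit prime
MASK64 = (1 << 64) - 1


def fnv1a_64(data: bytes) -> int:
    """Non-cryptographic 64-bit FNV-1a: XOR each byte in, then multiply."""
    h = FNV64_OFFSET
    for byte in data:
        h ^= byte
        h = (h * FNV64_PRIME) & MASK64
    return h


def sha256_trunc64(data: bytes) -> int:
    """First 8 octets of SHA-256, i.e. 3/4 of the digest is discarded."""
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


def first_collision(hash_fn, bits, limit=200_000, seed=1):
    """Hash constructed random 64-byte blobs (stand-ins for cached objects)
    until two distinct blobs share the same top `bits` bits of the 64-bit
    identifier. Returns (blobs_hashed, blob_a, blob_b), or None if `limit`
    blobs were hashed without a collision."""
    rng = random.Random(seed)  # fixed seed: repeatable constructed input
    seen = {}
    for n in range(1, limit + 1):
        blob = rng.getrandbits(512).to_bytes(64, "big")
        tag = hash_fn(blob) >> (64 - bits)
        if tag in seen and seen[tag] != blob:
            return n, seen[tag], blob
        seen[tag] = blob
    return None


if __name__ == "__main__":
    sample = b"constructed sample certificate chain bytes"
    print("FNV-1a 64      : %016x" % fnv1a_64(sample))
    print("SHA-256 / 64   : %016x" % sha256_trunc64(sample))
    # Birthday bound: about 2**(bits/2) inputs, so ~2**12 for a 24-bit tag
    # and ~2**32 for the full 64-bit identifier, whichever hash is used.
    for name, fn in (("FNV-1a", fnv1a_64), ("SHA-256", sha256_trunc64)):
        n, _, _ = first_collision(fn, 24)
        print("%-8s 24-bit tag collided after %d blobs" % (name, n))
```

Both functions collide after a few thousand blobs at 24 bits; at the full 64 bits the same search needs on the order of 2**32 inputs for either one.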