[TLS] Justification

Michael D'Errico <mike-list@pobox.com> Wed, 12 May 2010 15:08 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F18FE28C2D2 for <tls@core3.amsl.com>; Wed, 12 May 2010 08:08:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.762
X-Spam-Level:
X-Spam-Status: No, score=-1.762 tagged_above=-999 required=5 tests=[AWL=0.837, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xao0lf4asG+p for <tls@core3.amsl.com>; Wed, 12 May 2010 08:08:10 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by core3.amsl.com (Postfix) with ESMTP id 84D7428C314 for <tls@ietf.org>; Wed, 12 May 2010 07:56:01 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 2005DB225B; Wed, 12 May 2010 10:55:51 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=CJmru17qnts+ gByVk61PAbohL+U=; b=UjQtdURmkynyrPzx7b4EQRUFFCpb5l6su66R785XPnBt Lbd42cqaEdoovXVvLu91wzPIKD59vTXw7Nu3A07drUWGMs6te7jJPAS6VCPTyexD ppmwiKWu3CSxaW5Y4bSvt7z/9nSikGKslHnasxQFDB7hhhgSpo6/RrthENE4Jhw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=xkjZHt /MYQ+aEnpdZ3kEcWvJRnMGFVS01eMK3inGKjlBtW8F01s0sU7g7g0h4QAnokQ1rO Qn6h6hgXP9LSmuWs7PRWU4nQyzmNax5BOAYGaFaMqErfg+4PUROnHxFBsPDW4uTT eG8pDau17S+vdCl8qfqD6Lyxy/F8HwxdVciF4=
Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id E3232B2257; Wed, 12 May 2010 10:55:47 -0400 (EDT)
Received: from administrators-macbook-pro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 2927DB223E; Wed, 12 May 2010 10:55:02 -0400 (EDT)
Message-ID: <4BEAC145.60607@pobox.com>
Date: Wed, 12 May 2010 07:55:01 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Simon Josefsson <simon@josefsson.org>
References: <20100510221531.GC9429@oracle.com> <201005111339.o4BDdoYQ009725@fs4113.wdf.sap.corp> <20100511152153.GF9429@oracle.com> <201005111803.o4BI3fhO006065@stingray.missi.ncsc.mil> <20100511190958.GR9429@oracle.com> <4BE9B0BC.2000101@extendedsubset.com> <20100511194620.GU9429@oracle.com> <4BE9B856.40000@extendedsubset.com> <20100511200728.GW9429@oracle.com> <4BE9CC88.6040103@extendedsubset.com> <87aas5sbzy.fsf@mocca.josefsson.org>
In-Reply-To: <87aas5sbzy.fsf@mocca.josefsson.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 730CD63A-5DD6-11DF-A96F-D033EE7EF46B-38729857!a-pb-sasl-quonix.pobox.com
Cc: "Kemp, David P." <DPKemp@missi.ncsc.mil>, tls@ietf.org
Subject: [TLS] Justification
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2010 15:08:12 -0000

Can someone please remind me why we want cached-info?  It seems that
the problems it creates aren't worth the small optimization it might
provide.

Mike



Simon Josefsson wrote:
> Marsh Ray <marsh@extendedsubset.com> writes:
> 
>> Alternatively, if we determine that indeed the non-collision-resistance
>> of the hash function is the root of all remaining concerns that would be
>> very positive. We could solve them all in one stroke with
>> s/FNV-1a/SHA-256/g.
> 
> If collision-resistance is a required property (I'm not convinced yet),
> I believe we need hash agility for the possibility that SHA-256 is weak.
> 
> /Simon