Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Martin Rex <Martin.Rex@sap.com> Mon, 10 March 2008 18:59 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: ietfarch-tls-archive@core3.amsl.com
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 34AA028C427; Mon, 10 Mar 2008 11:59:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.343
X-Spam-Level:
X-Spam-Status: No, score=-103.343 tagged_above=-999 required=5 tests=[AWL=-2.906, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BWRfQHi93rII; Mon, 10 Mar 2008 11:59:34 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D1B4328C29C; Mon, 10 Mar 2008 11:59:25 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DE13D3A6994 for <tls@core3.amsl.com>; Mon, 10 Mar 2008 11:59:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 61CYqWD6nT5h for <tls@core3.amsl.com>; Mon, 10 Mar 2008 11:59:24 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 0C6CC28C211 for <tls@ietf.org>; Mon, 10 Mar 2008 11:59:17 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id m2AIuQJ5017398; Mon, 10 Mar 2008 19:56:27 +0100 (MET)
From: Martin Rex <Martin.Rex@sap.com>
Message-Id: <200803101856.m2AIuNJf011412@fs4113.wdf.sap.corp>
To: rwilliams@certicom.com
Date: Mon, 10 Mar 2008 19:56:23 +0100
In-Reply-To: <OF0C31C615.1AFB9004-ON85257408.005F41D9-85257408.0060453E@certicom.com> from "Rob Williams" at Mar 10, 8 01:30:07 pm
MIME-Version: 1.0
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
Rob Williams wrote: > > At Thu, 06 Mar 2008 08:32:04 -0800 > Eric Rescorla wrote: > > > There seem to be a lot of strong feelings against SHA-224. > > > I looked at the FIPS amendment which defines it, and it > > > doesn't appear to be such a horrible thing. Can someone > > > explain how NIST got it so wrong? > > > > It's not *bad*. It's just unnecessary. > > Agreed. > > Just as SHA-224 is to SHA-256, > SHA-384 is to SHA-512: truncated with different IV. > > I am looking forward to seeing SHA-384 removed from TLS 1.2. I consider the size difference between sha-224 and sha-256 sufficiently small to not have a significant impact on DSA signature operations. The difference between sha-256, sha-384 and sha-512 is much larger, and while the effort for calculating sha-384 and sha-512 might be the same, the resource consumption on keypair and digital signature generation for/with the DSA algorithm might make a hash with a size between 256 and 512 bit attractive. I don't know what the motivation is to create a seperate hash (same underlying algorithm, different IV and truncated result) rather than to define the truncation of the Hash within the DSA signature generation, but I hope/guess there is some difference which made the cryptographers come up with SHA-384. -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (… Rob Williams
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (… Uri Blumenthal
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (… Martin Rex
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (… Martin Rex