Re: [TLS] Consensus Call: FNV vs SHA1

Nicolas Williams <> Tue, 11 May 2010 16:05 UTC

Date: Tue, 11 May 2010 11:04:35 -0500
From: Nicolas Williams <>
To: "Joseph Salowey (jsalowey)" <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2010-03-02)
Subject: Re: [TLS] Consensus Call: FNV vs SHA1

On Mon, May 10, 2010 at 10:39:28AM -0700, Joseph Salowey (jsalowey) wrote:
> I don't see much new being added to this discussion at this point.  I'd
> like to close on this.  If you have an opinion please indicate if:
> a) You favor SHA-1
> b) You favor FNV-1a

Subsequent discussion shows that hash collisions are a problem for this
protocol, though not a security problem.  As such I believe that (b) is
now out of order, and therefore I now favor (a), with less or no

I believe additional text is required to explain what to do when
collisions result, and also how to detect collisions (I think collisions
can only be detected heuristically on handshake failure, but can be
confirmed on subsequent retry).

I believe too that a protocol design where collisions are avoided
altogether is not desirable.  But something to consider might be to send
not just a checksum/hash of cached objects, but also the name of the
first cert in any cert/cert chain or other nameable object -- this would
make collisions entirely avoidable by having operators check for them
before installing new certs.
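The operator-side collision check suggested above, as an added example that is not part of the thread or of any TLS implementation: a cached-object table keyed by the identifier a peer would send (64-bit FNV-1a alone, or the hypothetical "name of the first cert plus SHA-1" form), which refuses to install an object whose identifier is already bound to a different object. The wire form `name\nbody` and the deliberately truncated 16-bit fingerprint are constructed for the demo.

```python
import hashlib
from typing import Callable, Dict, Hashable, Iterable, Optional, Tuple

FNV64_OFFSET = 0xCBF29CE484222325
FNV64_PRIME = 0x100000001B3


def fnv1a_64(data: bytes) -> int:
    """64-bit FNV-1a: XOR each byte into the state, then multiply by the prime."""
    h = FNV64_OFFSET
    for b in data:
        h ^= b
        h = (h * FNV64_PRIME) & 0xFFFFFFFFFFFFFFFF
    return h


def ident_fnv(obj: bytes) -> Hashable:
    """Identify a cached object by its FNV-1a hash alone."""
    return fnv1a_64(obj)


def ident_name_plus_sha1(obj: bytes) -> Hashable:
    """Identify by (name of first cert, SHA-1 of body). Constructed wire
    form for this demo: the name is the first line, the body follows."""
    name, _, body = obj.partition(b"\n")
    return (name, hashlib.sha1(body).digest())


def ident_fnv_trunc16(obj: bytes) -> Hashable:
    """Deliberately short 16-bit fingerprint, so a collision is findable here."""
    return fnv1a_64(obj) & 0xFFFF


class CachedObjectTable:
    """Operator-side table of cached objects (e.g. certs) keyed by the
    identifier a peer would send. install() returns False and leaves the
    table untouched when the identifier already maps to a different object,
    i.e. when the new object would make a peer's cached-info reference
    ambiguous. Re-installing an identical object is allowed."""

    def __init__(self, ident: Callable[[bytes], Hashable]):
        self.ident = ident
        self.table: Dict[Hashable, bytes] = {}

    def install(self, obj: bytes) -> bool:
        key = self.ident(obj)
        existing = self.table.get(key)
        if existing is not None and existing != obj:
            return False  # collision: refuse rather than overwrite
        self.table[key] = obj
        return True


def find_collision(ident: Callable[[bytes], Hashable],
                   candidates: Iterable[bytes]) -> Optional[Tuple[bytes, bytes]]:
    """Brute-force search for two distinct candidates sharing one identifier."""
    seen: Dict[Hashable, bytes] = {}
    for c in candidates:
        k = ident(c)
        if k in seen and seen[k] != c:
            return seen[k], c
        seen[k] = c
    return None
```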