Re: [TLS] Consensus Call: FNV vs SHA1

Nicolas Williams <Nicolas.Williams@oracle.com> Tue, 11 May 2010 16:05 UTC

Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DA5203A6D1D for <tls@core3.amsl.com>; Tue, 11 May 2010 09:05:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.913
X-Spam-Level:
X-Spam-Status: No, score=-4.913 tagged_above=-999 required=5 tests=[AWL=1.685, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mTUdXz1AVEp9 for <tls@core3.amsl.com>; Tue, 11 May 2010 09:05:32 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id D3EEB3A6D1C for <tls@ietf.org>; Tue, 11 May 2010 09:05:31 -0700 (PDT)
Received: from rcsinet13.oracle.com (rcsinet13.oracle.com [148.87.113.125]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4BG5E9K006247 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 11 May 2010 16:05:16 GMT
Received: from acsmt354.oracle.com (acsmt354.oracle.com [141.146.40.154]) by rcsinet13.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4B6Oun1016336; Tue, 11 May 2010 16:05:06 GMT
Received: from abhmt010.oracle.com by acsmt355.oracle.com with ESMTP id 255329951273593883; Tue, 11 May 2010 09:04:43 -0700
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 11 May 2010 09:04:39 -0700
Date: Tue, 11 May 2010 11:04:35 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Message-ID: <20100511160434.GK9429@oracle.com>
References: <AC1CFD94F59A264488DC2BEC3E890DE50A43B479@xmb-sjc-225.amer.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50A43B479@xmb-sjc-225.amer.cisco.com>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Auth-Type: Internal IP
X-Source-IP: rcsinet13.oracle.com [148.87.113.125]
X-CT-RefId: str=0001.0A090205.4BE9803D.003D:SCFMA4539811,ss=1,fgs=0
Cc: tls@ietf.org
Subject: Re: [TLS] Consensus Call: FNV vs SHA1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 May 2010 16:05:33 -0000

On Mon, May 10, 2010 at 10:39:28AM -0700, Joseph Salowey (jsalowey) wrote:
> I don't see much new being added to this discussion at this point.  I'd
> like to close on this.  If you have an opinion please indicate if:
> 
> a) You favor SHA-1
> b) You favor FNV-1a

Subsequent discussion shows that hash collisions are a problem for this
protocol, though not a security problem.  As such I believe that (b) is
now out of order, and therefore I now favor (a), with less or no
truncation.

I believe additional text is required to explain what to do when
collisions result, and also how to detect collisions (I think collisions
can only be detected heuristically on handshake failure, but can
confirmed on subsequent retry).

I believe too that a protocol design where collisions are avoided
altogether is not desirable.  But something to consider might be to send
not just a checksum/hash of cached objects, but also the name of the
first cert in any cert/cert chain or other nameable object -- this would
make collisions entirely avoidable by having operators check for them
before installing new certs.

Nico
--