[TLS] Collisions (Re: Consensus Call: FNV vs SHA1)

Nicolas Williams <Nicolas.Williams@oracle.com> Mon, 10 May 2010 21:32 UTC

Date: Mon, 10 May 2010 16:30:36 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Message-ID: <20100510213035.GX9429@oracle.com>
References: <AC1CFD94F59A264488DC2BEC3E890DE50A43B479@xmb-sjc-225.amer.cisco.com> <20100510190954.GV9429@oracle.com> <p06240816c80e266db104@[]>
In-Reply-To: <p06240816c80e266db104@[]>
Cc: tls@ietf.org
Subject: [TLS] Collisions (Re: Consensus Call: FNV vs SHA1)

On Mon, May 10, 2010 at 02:10:35PM -0700, Paul Hoffman wrote:
> Again, +1 to what Nico says here. If we're trying to make using FNV
> sensible for future use as well, let's do the work to get it right
> here.

Thanks.  Note that I don't see FNV as having a bright future in our
protocols, so that I'm not concerned about making it easier to use in
the future.

I'm, however, concerned that the design of this protocol won't handle
collisions very well, whether FNV or SHA-1.  At first glance it sure
looks that way.  And ISTM that there's a better design that is or can be
impervious to hash collisions.  I could review the document thoroughly
and convince myself one way or the other, but I'm lazy -- I'd rather
hear from the authors, then evaluate their explanations.