Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

"Kemp, David P." <DPKemp@missi.ncsc.mil> Fri, 19 February 2010 15:37 UTC

Return-Path: <DPKemp@missi.ncsc.mil>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6E61E3A7CE8 for <tls@core3.amsl.com>; Fri, 19 Feb 2010 07:37:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zMxN+WbbC84N for <tls@core3.amsl.com>; Fri, 19 Feb 2010 07:37:06 -0800 (PST)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by core3.amsl.com (Postfix) with ESMTP id DF4083A7D16 for <tls@ietf.org>; Fri, 19 Feb 2010 07:37:05 -0800 (PST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CAB179.9069F1F5"
Date: Fri, 19 Feb 2010 10:38:18 -0500
Message-ID: <201002191538.o1JFcqh4005438@stingray.missi.ncsc.mil>
In-Reply-To: <4B7EA8E7.3050703@briansmith.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
Thread-Index: Acqxdxh2WJRjlvXNQjeVp8CEF5rFpwAAIq2g
References: <201002191403.o1JE3qWe004203@fs4113.wdf.sap.corp> <4B7EA8E7.3050703@briansmith.org>
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: <tls@ietf.org>
X-OriginalArrivalTime: 19 Feb 2010 15:39:37.0828 (UTC) FILETIME=[BE799A40:01CAB179]
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2010 15:37:07 -0000

Note that the key concept described in secure_hashing.html is “secure”:  

 

Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010.

 

When a hash algorithm is used for non-security purposes, such as database bucketing (http://en.wikipedia.org/wiki/Hash_table) or cache object selection, the NIST guidance does not apply.

 

Dave

 

 

From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Brian Smith
Sent: Friday, February 19, 2010 10:06 AM
To: mrex@sap.com
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

  

From http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html:

"Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). " 



Regards,
Brian