Re: [TLS] SHA-3 in SignatureScheme

Benjamin Kaduk <bkaduk@akamai.com> Fri, 02 September 2016 17:07 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A713012B075 for <tls@ietfa.amsl.com>; Fri, 2 Sep 2016 10:07:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.248
X-Spam-Level:
X-Spam-Status: No, score=-3.248 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sykW434BX2C3 for <tls@ietfa.amsl.com>; Fri, 2 Sep 2016 10:07:07 -0700 (PDT)
Received: from prod-mail-xrelay05.akamai.com (prod-mail-xrelay05.akamai.com [23.79.238.179]) by ietfa.amsl.com (Postfix) with ESMTP id D208612B02B for <tls@ietf.org>; Fri, 2 Sep 2016 10:07:06 -0700 (PDT)
Received: from prod-mail-xrelay05.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 2A420423745; Fri, 2 Sep 2016 17:06:56 +0000 (GMT)
Received: from prod-mail-relay10.akamai.com (prod-mail-relay10.akamai.com [172.27.118.251]) by prod-mail-xrelay05.akamai.com (Postfix) with ESMTP id 05ECF42370A; Fri, 2 Sep 2016 17:06:56 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1472836016; bh=DYSi4AV1wi9Wn3DNXM5PnuDA7c98lWVAtMujlPIhcpg=; l=3698; h=To:References:Cc:From:Date:In-Reply-To:From; b=ls1t9J9RXQx9UHPINAKqPmpI/lxBHoTiMuiIqnHeSufCkeyRCbjNmTbdym8uRE022 cfCsIguFPsXXDz1b8OHzOJqILzryEqZAyWmB43XlV4x1hw6pOItImHEFNUcQAdMsrM mPhy/xSgNnvAt7uLwIrhF6Wb+bt9KNUFy79DxkCY=
Received: from [172.19.0.25] (bos-lpczi.kendall.corp.akamai.com [172.19.0.25]) by prod-mail-relay10.akamai.com (Postfix) with ESMTP id B311E1FC8E; Fri, 2 Sep 2016 17:06:55 +0000 (GMT)
To: Dave Garrett <davemgarrett@gmail.com>
References: <7755682.Cma8FBTrvx@pintsize.usersys.redhat.com> <20160902104240.nnt27zfojtywfxpp@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBM-4=ostcAkDhM=jk1aRtXD4dXZKz_ymjShFWmStH3otQ@mail.gmail.com> <201609021125.39108.davemgarrett@gmail.com> <CABcZeBOSn-JJgCYPP12wzy3TPEXBGHiCs-qZKosc_cVdwfvFuQ@mail.gmail.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <f43ef409-0f1b-03ae-08cb-1b0f8c1d3676@akamai.com>
Date: Fri, 2 Sep 2016 12:06:55 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOSn-JJgCYPP12wzy3TPEXBGHiCs-qZKosc_cVdwfvFuQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------030C4E1BE8A0F90A4DE316A6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ghxPDvd0XYIsxR-rCJblLpy6kjI>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] SHA-3 in SignatureScheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Sep 2016 17:07:08 -0000

On 09/02/2016 12:04 PM, Eric Rescorla wrote:
>
>
> On Fri, Sep 2, 2016 at 8:25 AM, Dave Garrett <davemgarrett@gmail.com
> <mailto:davemgarrett@gmail.com>> wrote:
>
>     On Friday, September 02, 2016 07:32:06 am Eric Rescorla wrote:
>     > On Fri, Sep 2, 2016 at 3:42 AM, Ilari Liusvaara
>     <ilariliusvaara@welho.com <mailto:ilariliusvaara@welho.com>> wrote:
>     > > I also don't see why this should be in TLS 1.3 spec, instead of being
>     > > its own spec (I looked up how much process BS it would be to
>     get the
>     > > needed registrations: informative RFC would do).
>     >
>     > I also am not following why we need to do this now. The reason
>     we defined SHA-2 in
>     > a new RFC was because (a) SHA-1 was looking weak and (b) we had
>     to make significant
>     > changes to TLS to allow the use of SHA-2. This does not seem to
>     be that case.
>
>     I don't think we strictly _need_ to do this now, however I think
>     it's a good idea given that we'll need to do it eventually 
>
>
> I'm not sure that that's true.
>

Predicting future needs is not always reliable, yes.
>From a release-engineering (standards-engineering?) perspective, I still
don't see any reasons to add it now, and do see reasons to not add it now.

-Ben