Re: [TLS] New cached-info draft 09 posted
Marsh Ray <marsh@extendedsubset.com> Tue, 13 July 2010 16:54 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AB7443A68AF for <tls@core3.amsl.com>; Tue, 13 Jul 2010 09:54:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[AWL=0.696, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9tK-rB2pXUpl for <tls@core3.amsl.com>; Tue, 13 Jul 2010 09:54:29 -0700 (PDT)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id B2C7E3A680D for <tls@ietf.org>; Tue, 13 Jul 2010 09:54:29 -0700 (PDT)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1OYikg-00014l-Gf; Tue, 13 Jul 2010 16:54:38 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id A6BFE633C; Tue, 13 Jul 2010 16:54:35 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX18xyFbq9m1MUSgsbZW4QflXjsSQOV752GY=
Message-ID: <4C3C9A4B.7050300@extendedsubset.com>
Date: Tue, 13 Jul 2010 11:54:35 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.10) Gecko/20100527 Thunderbird/3.0.5
MIME-Version: 1.0
To: Stefan Santesson <stefan@aaa-sec.com>
References: <C8625BE5.C8C1%stefan@aaa-sec.com>
In-Reply-To: <C8625BE5.C8C1%stefan@aaa-sec.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] New cached-info draft 09 posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2010 16:54:30 -0000
On 07/13/2010 11:07 AM, Stefan Santesson wrote: > How about MUST use SHA-1 for TLS<1.2 and the proposed solution for =< > 1.2? Does it meet the requirements? What were the requirements again? Does it need collision resistance? If so, SHA-1 is deprecated: http://csrc.nist.gov/groups/ST/hash/policy.html > Federal agencies should stop using SHA-1 for digital signatures, > digital time stamping and other applications that require collision > resistance as soon as practical, and must use the SHA-2 family of > hash functions for these applications after 2010. If it doesn't need collision resistance, does it need preimage resistance? If not, FNV is the way to go. If so, SHA-1 probably works but it is certainly going out of style. If you're going to pick a hash function, SHA-256 might be a better choice. Sorry to be such a curmudeon, but it seems like if we're going to use some bit string as a proxy for an object in the handshake I think the default assumption needs be that it must not weaken the Finished computation. If it wasn't important, we could have used FNV. But we decided it was too security critical for FNV, if not for the object types defined now, perhaps for other object types that will be defined in the future. I don't think the "it needs to be secure but not that secure, so we need more than X but less than Z how about Y" is a good method of selecting the hash. If folks feel this usage doesn't require 24 bytes out of the PRF like the Finished messages it would be good for someone to post just a little bit of quantitative justification. (E.g., ...therefore it needs x bits of resistance to ...) - Marsh
- [TLS] Second Last Call: draft-ietf-tls-rfc4366-bi… The IESG
- Re: [TLS] Second Last Call: draft-ietf-tls-rfc436… Paul Hoffman
- [TLS] New cached-info draft 09 posted Stefan Santesson
- Re: [TLS] New cached-info draft 09 posted Michael D'Errico
- Re: [TLS] New cached-info draft 09 posted Marsh Ray
- Re: [TLS] New cached-info draft 09 posted Michael D'Errico
- Re: [TLS] New cached-info draft 09 posted Marsh Ray
- Re: [TLS] New cached-info draft 09 posted Michael D'Errico
- Re: [TLS] New cached-info draft 09 posted Brian Smith
- Re: [TLS] New cached-info draft 09 posted Marsh Ray
- Re: [TLS] New cached-info draft 09 posted Stefan Santesson
- Re: [TLS] New cached-info draft 09 posted Marsh Ray
- Re: [TLS] New cached-info draft 09 posted Stefan Santesson
- Re: [TLS] New cached-info draft 09 posted Marsh Ray
- Re: [TLS] New cached-info draft 09 posted Martin Rex
- Re: [TLS] New cached-info draft 09 posted Stefan Santesson
- Re: [TLS] New cached-info draft 09 posted Marsh Ray
- Re: [TLS] New cached-info draft 09 posted Stefan Santesson
- Re: [TLS] New cached-info draft 09 posted Simon Josefsson
- Re: [TLS] New cached-info draft 09 posted Marsh Ray
- Re: [TLS] New cached-info draft 09 posted Michael D'Errico
- Re: [TLS] New cached-info draft 09 posted Simon Josefsson
- Re: [TLS] New cached-info draft 09 posted Stefan Santesson