Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

"Kemp, David P." <> Wed, 24 February 2010 19:48 UTC

Marsh Ray wrote:
> It will not be so fun to convince reviewers that "yes we're using
> SHA-1 but not in a way that really matters."
> If all you need is a 64-bit checksum for data-structure-style
> hashing and indexing, use any old old-fashioned checksum algorithm.
> This would be simple for everyone to implement and it clearly
> communicates your design intent (that the security of the design
> does not depend on any properties of this value's calculation).

+1 in principle.

But practically speaking, do you have any suggestions for well-known non-cryptographic hash algorithms?  A quick IANA search turned up Kerberos checksums, including CRC32 (4 octets), des-mac-k (8 octets), and several 16 octet algorithms including MD4 and MD5.

A search for other "hash", "mac", or "checksum" registries turned up nothing new.

It doesn't feel quite right to add a non-cryptographic checksum to the RFC 5246 registry:

      enum {
          none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
          sha512(6), (255)
      } HashAlgorithm;

so even if there were such an algorithm, permitting both it and cryptographic hashes would be painful.

I don't see an alternative that satisfies both "simple to implement" and "clearly communicates intent".  My care-abouts are 1) a common interoperable algorithm and 2) bandwidth.  Computation speed is unimportant, so if everyone thinks sha256 will be cryptographically viable for the foreseeable future and SHA-1 will soon be impossible to get "approved", then sha256 truncated to 64 bits could be a reasonable MUST-support algorithm.
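The trade-off the message weighs (a 64-bit truncated SHA-256 identifier versus a shorter CRC32, and bandwidth versus interoperability) is easy to see in code. The following Python is an added illustration, not code from the thread or from the cached-info draft; it models only the decision logic (client offers an identifier of each cached object, server omits the object when the identifier matches what it would send now) and does not reproduce the draft's wire format. The byte strings are constructed stand-ins for a certificate chain and a trusted-CA list, and the function names are hypothetical.

```python
import hashlib
import zlib
from typing import Callable, Dict, List, Tuple

# Constructed stand-ins for the objects a TLS server normally sends in full.
# These are hypothetical byte strings, not real DER-encoded certificates.
SERVER_OBJECTS: Dict[str, bytes] = {
    "cert_chain": b"CONSTRUCTED-CHAIN: CN=server.example, issued by Example CA" * 20,
    "ca_list": b"CONSTRUCTED-CA-LIST: Example CA; Other Example CA" * 20,
}

Identifier = Callable[[bytes], bytes]


def sha256_trunc64(data: bytes) -> bytes:
    """Option from the thread: SHA-256 truncated to 64 bits (8 octets)."""
    return hashlib.sha256(data).digest()[:8]


def crc32_checksum(data: bytes) -> bytes:
    """Option from the thread: CRC32 as registered for Kerberos (4 octets)."""
    return zlib.crc32(data).to_bytes(4, "big")


def client_offer(cache: Dict[str, bytes], ident: Identifier) -> Dict[str, bytes]:
    """Client side: for each cached object, offer only its identifier.
    The identifier is a cache key; the client's trust in the cached object
    came from validating it when it was first received, not from this value."""
    return {name: ident(obj) for name, obj in cache.items()}


def server_decision(objects: Dict[str, bytes], offer: Dict[str, bytes],
                    ident: Identifier) -> Tuple[List[str], List[str]]:
    """Server side: an object is omitted only when the client's identifier
    equals the identifier of the exact object the server would send now.
    Returns (omitted, sent_in_full)."""
    omitted, sent = [], []
    for name, obj in objects.items():
        if offer.get(name) == ident(obj):
            omitted.append(name)
        else:
            sent.append(name)
    return omitted, sent


def net_bytes_saved(objects: Dict[str, bytes], offer: Dict[str, bytes],
                    ident: Identifier) -> int:
    """Bandwidth view: bytes of objects omitted minus bytes spent on identifiers."""
    omitted, _ = server_decision(objects, offer, ident)
    saved = sum(len(objects[n]) for n in omitted)
    spent = sum(len(h) for h in offer.values())
    return saved - spent


if __name__ == "__main__":
    # Fresh cache: both objects match, so the server omits both.
    fresh = dict(SERVER_OBJECTS)
    print(server_decision(SERVER_OBJECTS, client_offer(fresh, sha256_trunc64), sha256_trunc64))
    # Stale cache: the client's copy of the CA list differs by one byte, so its
    # identifier no longer matches and the server sends that object in full.
    stale = dict(SERVER_OBJECTS)
    stale["ca_list"] = stale["ca_list"][:-1] + b"?"
    print(server_decision(SERVER_OBJECTS, client_offer(stale, sha256_trunc64), sha256_trunc64))
    # Bandwidth comparison of the two identifier choices on a fresh cache.
    for ident in (sha256_trunc64, crc32_checksum):
        print(ident.__name__, net_bytes_saved(SERVER_OBJECTS, client_offer(fresh, ident), ident))
```

Swapping `sha256_trunc64` for `crc32_checksum` changes only a handful of bytes on the wire per handshake, which is the point made above that bandwidth, not computation, is the practical constraint; the difference that matters for review is whether the identifier's name signals "cache key" or "security primitive".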