Re: [Trans] Policy for adding to IANA registries requested in 6962-bis

Eran Messeri <> Wed, 14 December 2016 12:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BB8B3129536 for <>; Wed, 14 Dec 2016 04:28:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.896
X-Spam-Status: No, score=-4.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-2.896, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yCOQo7DCONRS for <>; Wed, 14 Dec 2016 04:28:08 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c01::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DB57C1295C4 for <>; Wed, 14 Dec 2016 04:28:06 -0800 (PST)
Received: by with SMTP id tg4so31761459wjb.1 for <>; Wed, 14 Dec 2016 04:28:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=my55LYiTIPH1dOUx1oVOWqYxlysynwfhzyItO5ICJBg=; b=YTljs1YOAa4SUK6NQDWmrVVBoM6DRlCdBNvSI2GlTOPjN8yrp/ALvObTj/i3yHH+1k r9NOxOq0UkbVtsS99f/mYNqx2M9vv12l6J0E/PjHJ/4f8VRtPDXzr853pIx22AERfdnh Vm+OBfbtUu4an+jCRghthb6ZdescG9lV06OkAfT2ohCru0U0ZylMhcPUbQtHgBl5lk/D +IeMFdjYcsVLg1BIVbdfSR5uc58jn4xYON0OXWcJYCYBZy+OBgoYF99kfClL/c7jMoE4 VZ5KyPikGDQ7JIkiPaW7evH78+xqm9RUQSuKORhbkfAdBuG3doziSAsOWIKynj4EVBP/ Ouzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=my55LYiTIPH1dOUx1oVOWqYxlysynwfhzyItO5ICJBg=; b=Mz5R4bFfT+IYy644TdK+FkAHYomgFlaKQ9Ea6DKumbVfzgJi/Jfm+JUDpfahV/UPXf /jj935V9u3l/6w8soxR4/ZB3vAnckGK77QaVD0StU7Yu6R4zl24sGX5s/8e2F7qKPed3 gQ+sJuhm97oVWGx0V9qvKK6v2UrgSgHJBi8QVACegF82gYUcAmcSDueZ2sWjHkIsS/XU 7SmL/J0gnLE67RLucMZFLPj6pzcmvy9QW6uT8ZJua7wk8MDxd3bT2QL8IxmMEArSnVZK VWshKqcXzx6WTaPjxkyrUJA7ckAHtgKavffUdAeEHeSk4R9PBpSP7KnxExQ9ZwopD+z9 6vGA==
X-Gm-Message-State: AKaTC03TieKKP2jRCxx8akTuetIEozDuu/kwn8mjUNn5kLEr5LYqa+PDGsLfGvR09heUfivEabNPZQtzL8Kuq+K2
X-Received: by with SMTP id u4mr7366508wmb.86.1481718485254; Wed, 14 Dec 2016 04:28:05 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Wed, 14 Dec 2016 04:27:34 -0800 (PST)
In-Reply-To: <>
References: <r470Ps-10121i-019CF7E50A5744F38D78ABB70C8C48F5@Williams-MacBook-Pro.local> <>
From: Eran Messeri <>
Date: Wed, 14 Dec 2016 12:27:34 +0000
Message-ID: <>
To: Stephen Farrell <>
Content-Type: multipart/alternative; boundary="001a1148e998f8e7ac05439d77a0"
Archived-At: <>
Cc: "" <>, Bill Frantz <>, Andrew Ayer <>
Subject: Re: [Trans] Policy for adding to IANA registries requested in 6962-bis
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Public Notary Transparency working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 14 Dec 2016 12:28:11 -0000

On Wed, Dec 14, 2016 at 12:48 AM, Stephen Farrell <
> wrote:

> Hiya,
> Just a comment from the sidelines...
> On 14/12/16 00:20, Bill Frantz wrote:
> >
> > "Suitable for use as a cryptographic hash with no known preimage or
> > collision attacks. These attacks can damage the integrity of the log."
> If taking this approach it might be useful to consider the
> duration for which any such properties are desired, e.g. to
> consider how that duration maps to hashes used in certificate
> signing would seem like a natural enough thing to do. And it
> might even be the case that such consideration provides a way
> to avoid a separate registry maybe, not sure.
IIUC the question is for how long a hash algorithm used in a log should be
resistant to preimage or collision attacks.
A simple answer would be "for the entire lifetime of the log" (with the
expectation that new logs would be spun up with better hash algorithms if
the one in current use doesn't have these properties anymore).
A more in-depth analysis of how the protocol would break if the hash
algorithm used by logs is a good idea, merits more thought though (and may
belong in the threat analysis document?).

Re a separate registry, I've looked into re-using existing registries
(following a suggestion from a colleague, David Drysdale), but concluded
that  it would complicate implementation by tying them to implementations
of more hash algorithms than is necessary or useful to the protocol. Since
each hash algorithm has to be evaluated for suitability for use in CT logs
anyway, I didn't see much point in re-using an existing registry and
specifying a bunch of exceptions on top of it.

> S.