--On 8-2-2005 9:42 -0800 Jon Callas <jon(_at_)callas(_dot_)org> wrote:
> I almost cringe to suggest this, but I will.
> Triple-DES is pretty much obsolete. Yesterday, I saw that NIST announced
> they're moving to stronger hashes.
> Does anyone object to changing the MUST cipher to AES (I'd pick 128) and
> MUST hash to SHA-256?

Regarding SHA-256: would that mean switching to SHA-256 for key
fingerprints as well? (shouldn't v5 keys be introduced then?) And use
SHA-256 for MDC packets?

Or is it just adding a MUST implement, so applications can use SHA-256 for
document signatures with RSA keys only? (as DSA forces one to use SHA-1
anyway)

IMHO, the first is what should be done at some point, but that's a really
big change: all implementations out there need to be upgraded. Wouldn't
that conflict with getting the current draft on standards track?

I do not see the point of the second option: as long as keys are only
protected by a 160-bit fingerprint, there is not much point protecting
document signatures with longer hashes. It may be harder to generate a
collision resulting in a valid key, than it is to generate a collision
resulting in just some other random document, but I do not think it is wise
to count on such an assumption.
--
Edwin