ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Fingerprints

2015-05-07 08:21:55
On Thu, May 7, 2015 at 8:14 AM, ianG <iang(_at_)iang(_dot_)org> wrote:
On 6/05/2015 23:14 pm, Phillip Hallam-Baker wrote:

On Wed, May 6, 2015 at 5:31 PM, Christoph Anton Mitterer
<calestyo(_at_)scientia(_dot_)net> wrote:


Is there any broad consensus already about SHA2 vs. SHA3 (except the
traditionalist argument)?


The folk I have spoken to were of the opinion that the SHA3 contest
actually confirmed people's confidence in SHA2. So I don't see a need
to jump to the next bright shiny object.

SHA3 is supported in pretty much every stack now, SHA3 is still a bit
of a work in progress.

So I would suggest that SHA-2-512 be REQUIRED and SHA-3-512 be
RECOMMENDED.




All the above is reasonable.  However there is one further argument in
favour of SHA-3 which is that it is going to come in the form of a much
larger / more powerful toolkit.  It's no longer "just a hash."

It has specific modes attached to it that can do, for example, AE, and that
AE mode has (I gather) been used for the CAESAR competition.

Point being, there is a chance that we can do the whole symmetric part with
only one algorithm... :-o

Now I know this will give people the heebie jeebies, so what I'd say now is
that we delay a firm decision until NIST have published their spec on SHA-3
and then review it to get the true story.  My information is based on a
presentation I saw by the Keccak team, so possibly I'm way off base.  NIST
will clarify this all.

On the platforms I use, I can expect SHA-3 to arrive in due course but
it isn't going to expose that functionality without a completely new
API.

From a design point of view it is clear that SHA-2 and SHA-3 are the
choices and one will be REQUIRED and the other RECOMMENDED. Which is
which has no immediate implications and does not even become an issue
until last call.

I have text and I have code for the SHA-2 version. I can get a
standalone draft done next week and then we don't need to keep
circling on this.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>