I agree with Derek (I think).
There is a very clear need for 512 bits and there is a case for 256 bits.
It does not seem very likely that the other sizes will get use.
The competition did result in restoring most people's confidence in SHA-2.
It is widely deployed and used today. So I don't see a case for deprecating
any of the SHA-2 bit sizes.
Right now Comodo and various other CAs are using SHA-2-384 in our ECC certs
but that is based on using the NIST curves. It would not surprise me if
people using SHA-2 made the same choice. It is quite clear that the CFRG
ECC signature scheme will use 512 bit and that is the algorithm most likely
to be used with SHA-3.
Given that email recipients tend to end up having to implement all the code
points in a cipher suite because they can't really control what is sent, I
think it is a good plan to be a little parsimonious in selecting key sizes
and avoid choosing key strengths that aren't likely to see use.
On Mon, Aug 10, 2015 at 11:22 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com>
wrote:
ianG <iang(_at_)iang(_dot_)org> writes:
One would be good. Suits me to go for the longest one.
Possibly two... But the SHA3 competition has shown that SHA2 is pretty
darn good...
How about this:
ID Algorithm Text Name
-- --------- ---------
snip
12 - RESERVED
13 - RESERVED
14 - RESERVED
15 - SHA3-512 [FIPS202] "SHA3-512"
And while we're at it, can we add DEPRECATED to all the rest except
SHA(2)512 ?
I see no reason to deprecate SHA2-256. But I'm fine with all the rest.
iang
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp