On Tue, 11 Aug 2015 14:29, iang(_at_)iang(_dot_)org said:
* to choose which SHA3 we're going for. This not only means
addressing the additionals (like the 4 lengths) but also resolving the
uncertainty (perhaps in my mind only) about SHAKES.
I don't think so. Let's assume that 4880bis specifies SHA-256 as the
replacement for SHA throughout the protocol. Then it would be pretty
clear that SHA3-256 can be used if surprisingly a Chinese researcher
finds weaknesses in SHA2.
* to build a more comprehensive alg-failure recovery strategy. By
this I mean, more than handwaving at SHA3 as a potential drop in;
making it the actual drop in with a process by which we trigger that
We already have this. The preference systems greatly helped with the
migration from SHA-1 to SHA-256 et al.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp