ietf-openpgp

[openpgp] Incorporated RFC 6637: SHA2-384 recommendation

2021-02-26 05:47:08
On Tue, 23 Feb 2021 03:19:03 +0100,
Paul Wouters wrote:
- Incorporated RFC 6637 (ECDSA and ECDH, using NIST curves)

In the OpenPGP ECC Profile section, SHA2-384 is listed as a SHOULD
algorithm:

  ## OpenPGP ECC Profile

  A compliant application MUST implement SHA2-256 and SHOULD implement
  SHA2-384 and SHA2-512.

But, in the 'Hash Algorithms' section, it is a MAY algorithm.

  ## Hash Algorithms

  Implementations MUST implement SHA-1.
  Implementations MAY implement other algorithms.
  MD5 is deprecated.

In the 'Security Considerations' section there are two relevant
points:

  # Security Considerations

  - Requirement levels indicated elsewhere in this document lead to
    the following combinations of algorithms in the OpenPGP profile:
    MUST implement NIST curve P-256 / SHA2-256 / AES-128, SHOULD
    implement NIST curve P-521 / SHA2-512 / AES-256, MAY implement
    NIST curve P-384 / SHA2-384 / AES-256, among other allowed
    combinations.

  - SHA2-224 and SHA2-384 require the same work as SHA2-256 and
    SHA2-512, respectively.  In general, there are few reasons to use
    them outside of DSS compatibility.

So, ECC that uses SHA2-384 is a MAY and SHA2-384 is discouraged.

In the past, we've talked about algorithm agility on this mailing
list:

  http://mailarchive.ietf.org/arch/msg/openpgp/2C5jQNKcnUZZUzh84s0Di-GYKV0

And the last version of 4880bis only included SHA3-256 and SHA3-512.

  https://gitlab.com/openpgp-wg/rfc4880bis/-/blob/main/draft-ietf-openpgp-rfc4880bis-09.txt#L3801


My suggestion is to change the following text:

  A compliant application MUST implement SHA2-256 and SHOULD implement
  SHA2-384 and SHA2-512.

to

  A compliant application MUST implement SHA2-256 and SHOULD implement
  SHA2-512.  It MAY implement SHA2-384.

Neal
