Re: Support for hash algorithms other than SHA-1

2005-06-27 12:58:24

On Jun 27, 2005, at 10:51 AM, Russ Housley wrote:
So, building on what Peter Gutmann suggested:

      sha1WithRSAEncryption would be a MUST-

      sha224WithRSAEncryption would be a MAY

      sha256WithRSAEncryption would be a SHOULD+

      sha384WithRSAEncryption would be a MAY

      sha512WithRSAEncryption would be a MAY

Unfortunately, I do not have a similar recommendation for DSA. SHA-1 still seems to be the only supported one-way hash function. I expect that to change soon, but it has not happened yet.

"As yet unwritten DSA variant, SHOULD+"

I still find myself somewhat annoyed by the MUST- SHOULD+ approach, though I do understand that as a "clue for future revisions" it has some value.

Personally, I would upgrade 384 and 512 to SHOULD (no "+"). The semantic of that is "there may exist valid reasons in particular circumstances to ignore". If you can't do 64-bit easily or the performance makes you crabby, then you can invoke that clause. I don't really feel strongly enough about it to fight for this though.

Are there any reasons besides implementation ease to promote or discourage the SHA-512-derived algorithms? Is there any cryptographic history with SHA-256 that makes us nervous (besides the obvious 'strength in length' argument)?

Blake Ramsdell | Sendmail, Inc. |