[Top] [All Lists]

Re: Support for hash algorithms other than SHA-1

2005-06-27 13:28:56

At 9:45 AM -0400 6/22/05, Russ Housley wrote:
Section of RFC 3851 says:

   The SHA-256, SHA-384, and SHA-512 algorithms [FIPS180-2] are not
   currently recommended in S/MIME, and are included here for

I think it is time to revisit this decision. I think the standard needs to accept longer hash functions, at least with the RSA signature algorithm. of 3851 is discussing the micalg parameter. Maybe we should instead be discussing RFC 3370, which doesn't mention SHA-224, -256, -384, or -512 at all. That is, 3851 is fine as far as it goes.

At 1:51 PM -0400 6/27/05, Russ Housley wrote:
So, building on what Peter Gutmann suggested:

      sha1WithRSAEncryption would be a MUST-

      sha224WithRSAEncryption would be a MAY

      sha256WithRSAEncryption would be a SHOULD+

      sha384WithRSAEncryption would be a MAY

      sha512WithRSAEncryption  would be a MAY

RFC 3370 needs to be expanded to say how all those work. (If we let Peter do it, you can imagine what he'll say about the utility or even the existence sha224WithRSAEncryption...) I'm OK with those settings if you use the words from the IPsec work.

Unfortunately, I do not have a similar recommendation for DSA. SHA-1 still seems to be the only supported one-way hash function. I expect that to change soon, but it has not happened yet.

So....., what do we do? Update 3370 without changing DSA, then upgrade it again when the DSA change comes down? Wait for the DSA change?

--Paul Hoffman, Director
--Internet Mail Consortium