ietf-smime

Re: Last Call: draft-ietf-smime-sha2 (Using SHA2 Algorithms with Cryptographic Message Syntax) to Proposed Standard

2008-03-03 11:15:53

At 3:06 PM +0100 3/3/08, Denis Pinkas wrote:
While I welcome this draft, everybody should take into
consideration that, if the SHA2 family happens to be broken
then we will be at risk.
This should be mentioned in the security considerations section.

If an algorithm is cracked then isn't it obvious that we're in trouble?  No
other algorithm document I could find says something like this so I'm
inclined to not include this in the security considerations section.

... or anywhere else. If any algorithm (hash, encryption, signing,
...) is broken, it is broken. Sean's right here.

The message is the following: if the SHA2 family is broken, then you had better
use two hash algorithms from a different family (e.g. use Whirlpool).

There is no consensus in the IETF that this statement is true. We have discussed it many times for many years. Adding such a sentence to this document without community agreement is wrong.

We should also reference http://www.ietf.org/internet-drafts/draft-ietf-smime-multisig-04.txt which allows the use of two different hash functions (from different families, if possible).

That's also inappropriate, given that this document covers many uses of SHA2 that are not related to multisig.