At 3:06 PM +0100 3/3/08, Denis Pinkas wrote:
>>> While I welcome this draft, everybody should take into
>>> consideration that, if the SHA2 family happens to be broken,
>>> then we will be at risk.
>>> This should be mentioned in the security considerations section.
>> If an algorithm is cracked then isn't it obvious that we're in trouble? No
>> other algorithm document I could find says something like this so I'm
>> inclined to not include this in the security considerations section.
... or anywhere else. If any algorithm (hash, encryption, signing,
...) is broken, it is broken. Sean's right here.
> The message is the following: if the SHA2 family is broken, then you
> had better use two hash algorithms from a different family (e.g. use
> Whirlpool).
There is no consensus in the IETF that this statement is true. We
have discussed it many times for many years. Adding such a sentence
to this document without community agreement is wrong.
> We should also reference
> http://www.ietf.org/internet-drafts/draft-ietf-smime-multisig-04.txt
> which allows the use of two different hash functions (from different
> families, if possible).
That's also inappropriate, given that this document covers many uses
of SHA2 that are not related to multisig.
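As an added illustration of the two-family idea Denis argues for above (this is example code written for this page, not code from the thread, from the SHA2 draft, or from the multisig draft), the script below digests a message under two hash functions, requires both to verify, and then shows what a verifier gains if one family falls. Whirlpool is not shipped by every Python hashlib build, so SHA3-256 stands in for the "different family" as an assumption; the "broken SHA-2" is modelled by a deliberately truncated toy hash against which a second preimage can be brute-forced, and the message text and account numbers are constructed sample data.

```python
import hashlib
import hmac
import itertools

# Constructed sample message (not taken from the thread).
MESSAGE = b"Transfer 100 EUR to account 12345"


def broken_family(data: bytes) -> bytes:
    """Toy model of a hash family that has been cryptanalytically broken.

    Only 16 bits of the digest survive, so a second preimage costs about
    2^16 trials. This stands in for the scenario 'the SHA2 family happens
    to be broken'; it is not a real algorithm and not how SHA-2 fails.
    """
    return hashlib.sha256(data).digest()[:2]


def other_family(data: bytes) -> bytes:
    """Hash from an unrelated family, assumed still sound.

    The e-mail names Whirlpool; SHA3-256 (a Keccak sponge, structurally
    different from the SHA-2 Merkle-Damgard design) is used here because
    hashlib ships it everywhere.
    """
    return hashlib.sha3_256(data).digest()


# Name -> function. The first entry plays the role of the broken SHA-2.
HASH_FAMILIES = {
    "sha2-broken-model": broken_family,
    "whirlpool-stand-in": other_family,
}


def digest_all(message: bytes) -> dict:
    """Digests the message under every family, as a signer would."""
    return {name: fn(message) for name, fn in HASH_FAMILIES.items()}


def verify_all(message: bytes, expected: dict) -> bool:
    """Denis's proposal: the message stands only if every family agrees."""
    return all(
        hmac.compare_digest(HASH_FAMILIES[name](message), digest)
        for name, digest in expected.items()
    )


def verify_one(message: bytes, expected: dict, name: str) -> bool:
    """A verifier that trusts a single family (the status quo)."""
    return hmac.compare_digest(HASH_FAMILIES[name](message), expected[name])


def forge_second_preimage(original: bytes,
                          prefix: bytes = b"Transfer 100 EUR to account 99999 ") -> bytes:
    """Brute-forces a different message colliding under the broken family.

    Roughly 2^16 SHA-256 calls on average; the attacker can only do this
    because the toy family is weak. Nothing here touches other_family.
    """
    target = broken_family(original)
    for i in itertools.count():
        candidate = prefix + str(i).encode()
        if broken_family(candidate) == target:
            return candidate


if __name__ == "__main__":
    expected = digest_all(MESSAGE)
    forged = forge_second_preimage(MESSAGE)
    print("forged message:", forged)
    print("broken family alone accepts forgery:",
          verify_one(forged, expected, "sha2-broken-model"))
    print("both families required, forgery accepted:",
          verify_all(forged, expected))
```

The two verification policies are the whole point: `verify_one` on the broken family accepts the forged transfer, while `verify_all` rejects it because the second family still disagrees. That is the benefit Denis describes; Paul's objection is not that the technique fails but that there is no IETF consensus to recommend it in this document.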