[Top] [All Lists]

Re: Last Call: draft-ietf-smime-sha2 (Using SHA2 AlgorithmswithCryptographic Message Syntax) to Proposed Standard

2008-03-04 12:09:44
At Mon, 3 Mar 2008 07:44:00 -0800,
Paul Hoffman wrote:

At 3:06 PM +0100 3/3/08, Denis Pinkas wrote:
 >>  >While I welcome this draft, everybody should take into
consideration that, if the SHA2 family happens to be broken
then we will be at risk.
This should be mentioned into the security considerations section.

If an algorithm is cracked then isn't it obvious that we're in trouble?  No
other algorithm document I could find says something like this so I'm
inclined to not include this in the security considerations section.

... or anywhere else. If any algorithm (hash, encryption, signing,
...) is broken, it is broken. Sean's right here.

The message is the following: if the SHA2 family is broken, then you 
had better
to use two hash algorithms from a different family (e.g. use Whirlpool).

There is no consensus in the IETF that this statement is true. We 
have discussed it many times for many years. Adding such a sentence 
to this document without community agreement is wrong.

I agree with Paul that there is no consensus here.

IETF mailing list