Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based A

ietf

Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard

2012-04-13 14:01:18

On Thu, 12 Apr 2012, Ondřej Surý wrote:

As a comment that does not argue for any change, having SHA-256 hash as the 
"lowest" hash excludes SHA-1, a widely deployed hash algorithm.  I gather that 
the WG has made a tradeoff between perceived security and ease of deployment.


SHA-2 was first published 11 years ago and I don't really think that
applications which will decide to implement DANE will not have support
for SHA-2 family.


Using SHA1 at this point is actually more of a risk then using SHA2. If
you want to run your OS or device in FIPS mode, you may not use SHA1 for
anything. I am seeing a lot of breakage in fips mode where apps just
assume a sha1 call never fails. That's long past us now. Don't count
on sha1 being available.

Paul

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, (continued) Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, Dave Cridland Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, Ondřej Surý Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, John Gilmore Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, Ondřej Surý Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, Peter Palfrader Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, Ondřej Surý Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, ned+ietf Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based, Martin Rex Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based, ned+ietf Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, SM Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, Paul Wouters <= Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The, Martin Rex

Previous by Date:	secdir review of draft-ietf-emu-chbind-14, Stephen Hanna
Next by Date:	Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, John Gilmore
Previous by Thread:	Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, SM
Next by Thread:	Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The, Martin Rex
Indexes:	[Date] [Thread] [Top] [All Lists]