On Thu, Feb 06, 2014 at 10:51:28PM +0100, Jakob Schlyter wrote:

> On 6 feb 2014, at 20:53, Viktor Dukhovni <[email protected]> wrote:
> 
> > Switching gears, was any consensus reached on the encoding of the
> > query label?  A truncated HMAC seems to offer better usability than
> > base32.  I think that the specification is in good shape, modulo
> > the query label encoding.  
> 
> Yes, we're looking at doing a plain sha224 for the LHS lookup
> instead of base32. Paul Wouters will provide some draft text for
> both documents (S/MIME & PGP). I would [not] say we have consensus for
> HMAC-sha224 yet, but that's something we can discuss further.

I think that HMAC-sha224 would be wiser, since otherwise a single
dictionary works for all domains.  The key should be the domain
name.  The question is, I think, not whether HMAC is necessary, but
rather whether it is sufficient; one might argue for iterated HMAC
with a reasonably high iteration count (unfortunately fixed, but
Moore's law will end any day now, ... promise!)

-- 
        Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
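
The trade-off discussed in this message, as an added example that is not part of the original email or of any draft text: it compares a plain SHA-224 query label with HMAC-SHA224 keyed by the domain name, and counts how many domains a single precomputed table of labels covers under each scheme. The function names, the sample users and word list, lower-casing the domain before use as the key, and the way the iterated variant chains its rounds are all assumptions made for illustration.

```python
import hashlib
import hmac

def plain_label(local_part: str, domain: str = "") -> str:
    """Plain SHA-224 of the local part; the domain plays no role."""
    return hashlib.sha224(local_part.encode("utf-8")).hexdigest()

def hmac_label(local_part: str, domain: str, iterations: int = 1) -> str:
    """HMAC-SHA224 keyed with the domain name.

    iterations > 1 feeds each output back in as the next message
    (assumed construction for the 'iterated HMAC' idea).
    """
    key = domain.lower().encode("ascii")  # assumption: case-normalised key
    value = local_part.encode("utf-8")
    for _ in range(iterations):
        value = hmac.new(key, value, hashlib.sha224).digest()
    return value.hex()  # 56 hex characters, within the 63-octet DNS label limit

# Constructed sample data: two domains and one candidate word list.
USERS = {"example.com": ["alice", "bob"], "example.org": ["alice", "carol"]}
WORDLIST = ["alice", "bob", "carol", "dave"]

def published(label_fn):
    """Labels each domain would publish under the given scheme."""
    return {d: {label_fn(u, d) for u in users} for d, users in USERS.items()}

def table_hits(label_fn, table_domain):
    """Matches per domain for ONE table precomputed for table_domain."""
    table = {label_fn(w, table_domain) for w in WORDLIST}
    zones = published(label_fn)
    return {d: len(table & labels) for d, labels in zones.items()}

if __name__ == "__main__":
    # Plain hash: the same table matches labels in every domain.
    print("plain sha224:", table_hits(plain_label, "example.com"))
    # Domain-keyed HMAC: the table is only valid for the domain it was built for.
    print("hmac-sha224: ", table_hits(hmac_label, "example.com"))
```

With the plain hash the table built once matches in both domains; with the domain-keyed HMAC it matches only in the domain whose name was used as the key, so the precomputation has to be repeated per domain, and the iteration count multiplies that per-domain cost.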
