> -----Original Message-----
> From: dane [mailto:[email protected]] On Behalf Of Viktor Dukhovni
> Sent: Thursday, February 06, 2014 1:58 PM
> To: [email protected]
> Subject: Re: [dane] I-D Action: draft-ietf-dane-smime-03.txt
>
> On Thu, Feb 06, 2014 at 10:51:28PM +0100, Jakob Schlyter wrote:
>
> > On 6 feb 2014, at 20:53, Viktor Dukhovni <[email protected]> wrote:
> >
> > > Switching gears, was any consensus reached on the encoding of the
> > > query label? A truncated HMAC seems to offer better usability than
> > > base32. I think that the specification is in good shape, modulo the
> > > query label encoding.
> >
> > Yes, we're looking at doing a plain sha224 for the LHS lookup instead
> > of base32. Paul Wouters will provide some draft text for both
> > documents (S/MIME & PGP). I would [not] say we have consensus for
> > HMAC-sha224 yet, but that's something we can discuss further.
>
> I think that HMAC-sha224 would be wiser, since otherwise a single dictionary
> works for all domains. The key should be the domain name. The question is I
> think not whether HMAC is necessary, but rather whether it is sufficient, one
> might argue for iterated HMAC with a reasonably high iteration count
> (unfortunately fixed, but Moore's law will end any day now, ... promise! )

A trivial way to avoid the global dictionary is to simply hash the email address - that is both the local part and the domain. This would make it unique for each domain.

Jim

> --
> Viktor.
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
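The three label constructions argued over in this thread side by side, as an added example that is not code from the thread, from the draft or from any of the posters: plain SHA-224 of the local part (one precomputed table serves every domain), HMAC-SHA224 keyed by the domain name, and SHA-224 over the whole address. The iterated variant uses PBKDF2 as the iteration construction, which is an assumption, since the thread names none; the DNS owner-name layout around the label is left out.

```python
import hashlib
import hmac

# Every scheme takes (local_part, domain) so they can be compared side by side.


def plain_label(local_part: str, domain: str) -> str:
    """Plain SHA-224 of the local part only (the "sha224 for the LHS lookup" option).
    The domain is ignored, so identical local parts hash identically everywhere."""
    return hashlib.sha224(local_part.encode("utf-8")).hexdigest()


def hmac_label(local_part: str, domain: str) -> str:
    """HMAC-SHA224 with the lowercased domain as the key (the keyed option)."""
    return hmac.new(domain.lower().encode("utf-8"),
                    local_part.encode("utf-8"), hashlib.sha224).hexdigest()


def full_address_label(local_part: str, domain: str) -> str:
    """SHA-224 over the whole address, local part and domain together."""
    address = f"{local_part}@{domain.lower()}".encode("utf-8")
    return hashlib.sha224(address).hexdigest()


def iterated_hmac_label(local_part: str, domain: str, iterations: int = 10_000) -> str:
    """Iterated HMAC-SHA224 with a fixed iteration count. PBKDF2 is used as the
    iteration construction here; that choice is an assumption of this example."""
    return hashlib.pbkdf2_hmac("sha224", local_part.encode("utf-8"),
                               domain.lower().encode("utf-8"), iterations).hex()


def lookup_table(local_parts, domain, scheme):
    """Precompute label -> local part for one domain under a given scheme.
    Under plain_label this single table answers queries for every domain;
    under the keyed schemes it only answers queries for `domain`."""
    return {scheme(lp, domain): lp for lp in local_parts}


if __name__ == "__main__":
    # Constructed sample: a few common local parts and two unrelated domains.
    common = ["alice", "bob", "postmaster"]
    table = lookup_table(common, "example.com", plain_label)
    print("plain table built for example.com answers for example.net:",
          table.get(plain_label("alice", "example.net")))   # alice
    table = lookup_table(common, "example.com", hmac_label)
    print("HMAC table built for example.com answers for example.net:",
          table.get(hmac_label("alice", "example.net")))    # None
```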
