Hiya,
On 05/12/2020 14:58, Salz, Rich wrote:
There is a fair amount of academic study around SipHash, and while everyone can make mistakes, its creators have a pretty good reputation. I don't think we can say SipHash is unknown in the industry. The TLSWG made it a practice to ask CFRG to "approve" all crypto it used (except perhapd HKDF, but that's a side note). The DNSOP has no such practice.
FWIW, I think asking CFRG for comment (not approval) whenever a new algorithm is introduced onto the standards-track is a good idea, regardless of the WG from which the draft came. Such checks don't mean anyone thinks badly of any algorithm, the argument is it's better to ask a question in the place where the expertise lies, just in case. Cheers, S.
If SECDIR or the Ads thinks SipHash isn't good, it would be great to hear reasons. I haven't heard any yet._______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
