At 3:06 PM +0100 3/3/08, Denis Pinkas wrote:
>>>>While I welcome this draft, everybody should take into
>>>>consideration that, if the SHA2 family happens to be broken
>>>>then we will be at risk.
>>>>This should be mentioned into the security considerations section.
>>>
>>>If an algorithm is cracked then isn't it obvious that we're in trouble?  No
>>>other algorithm document I could find says something like this so I'm
>>>inclined to not include this in the security considerations section.
>>
>>... or anywhere else. If any algorithm (hash, encryption, signing,
>>...) is broken, it is broken. Sean's right here.
>
>The message is the following: if the SHA2 family is broken, then you
>had better use two hash algorithms from a different family (e.g. use Whirlpool).

There is no consensus in the IETF that this statement is true. We 
have discussed it many times for many years. Adding such a sentence 
to this document without community agreement is wrong.

>We should also reference
>http://www.ietf.org/internet-drafts/draft-ietf-smime-multisig-04.txt
>which allows the use of two different hash functions (from different
>families, if possible).

That's also inappropriate, given that this document covers many uses 
of SHA2 that are not related to multisig.
_______________________________________________
IETF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf