On 18/05/15 16:46, Johannes Merkle wrote:
Kathleen Moriarty schrieb am 14.05.2015 um 15:58:
I agree with Stephen. My yes was because more secure options are defined, but
less would be good.
There was some discussion on this (admittedly by quite few participants) and my
summary was as follows
Question 3: Which (sub)set of protocols (hash function, MAC length) should be
selected?
- Johannes: SHA-256-192 as MUST, SHA-512-256 as SHOULD, all other can be MAY or
omitted.
- Uri: SHA-256-192 and SHA-384-320 as MUST, SHA-512-256 as SHOULD, and
SHA-224-??? as MAY
- Tom: AFAIU, he agrees with the preferences expressed by David, Johannes and
Uri.
- David: SHA-256-192 and SHA-512-384.
(In all the above cases, the preferences were not that strong, there was mainly
the wish to reduce the number of
protocols in the current draft.)
Then I suggested the subset as it is currently defined and everyone agreed. It
was a compromise. But considering the
individual opinions, It would be safe to delete the SHA-224 option.
Thanks for taking the time to discuss this, and eliminating some
options is good.
That said, I (still:-) think we're slightly doing the wrong thing here;
the additional options offer no real security benefit in this context
that I can see and nor does the truncation and the existence of
options has downsides. I suspect developers, testers and those
deploying might curse us for being a committee of compromisers:-)
But I asked and you thought about it, so in the absence of new
information, we're all set,
Thanks,
S.
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
