--On Friday, July 09, 2010 01:21:21 PM -0500 Nicolas Williams <[email protected]> wrote:

> On Fri, Jul 09, 2010 at 01:07:34PM -0500, Nicolas Williams wrote:
> > On Fri, Jul 09, 2010 at 10:40:01AM -0700, Bill Sommerfeld wrote:
> > > I'm told that folks evaluating cryptographic protocols generally
> > > prefer to see suites of algorithms defined together rather than
> > > allowing the user to arbitrarily mix and match; this generally
> > > reduces the number of possibilities to evaluate and also eliminates
> > > silly combinations where one algorithm is much weaker than the
> > > other.
> >
> > It... depends.
> >
> > For example, SSHv2 negotiates various algorithms separately and
> > concurrently:
>
> Though for public key algorithms SSHv2 does NOT negotiate hash and
> public key algorithms separately.  I can't think of any modern Internet
> protocol that does _that_.  I'd strongly argue against negotiating
> signature and signature hash algorithm separately.

I can't think of any protocol that does that, either.
A signature is a hash signed by a public key; the choice of hash and public key algorithms is _not_ independent and I know of no application that pretends otherwise. Doing that here is, I think, counterindicated.

-- Jeff
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
