while i would also like to see less use of sha-1 in new network protocols... limiting the SKI length to a fixed 20 bytes is not really a bad idea for implementation efficiency and interoperability. as Sean points out, rfc7093's straight forward (leftmost 160 bits --20bytes) of a SHA-2 algorithm digest works well for the use of a hash value in this particular context (generating Key Identifiers).. mA From: Sean Turner <[email protected]> To: Stephen Farrell <[email protected]> Cc: [email protected]; [email protected]; The IESG <[email protected]>; [email protected]; [email protected] Sent: Wednesday, January 4, 2017 10:48 AM Subject: Re: [sidr] Stephen Farrell's Discuss on draft-ietf-sidr-bgpsec-protocol-21: (with DISCUSS and COMMENT)
> On Jan 4, 2017, at 08:53, Stephen Farrell <[email protected]> wrote: > > Stephen Farrell has entered the following ballot position for > draft-ietf-sidr-bgpsec-protocol-21: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-protocol/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > > I have a couple of fairly straightforward things I'd > like to briefly discuss... > > (1) 3.2/Figure 7: A fixed 20 byte SKI being a sha-1 hash > of the public key is a bad plan, for all the usual > reasons. Why is it ok for that to be hardcoded here when > it could change if/when new alg choices are made for the > RPKI? If it is not too late then I think you should add a > length or alg field to that. If it is too late to do that, > then are we really ok that you will need to rev the BGPsec > version number in order to get rid of all sha-1 code from > your implementation? That seems like a bad plan for a new > protocol. Not sure it absolutely needs a length field; if the RPKI does ever decide to change to another hash algorithm for SKI, e.g., SHA-256/384/512, or to change to a hash of the SubjectPublicKeyInfo they could always the procedures from https://datatracker.ietf.org/doc/rfc7093/ to generate the values for a 20-byte value. spt _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
