> SHA-3 is different, because for efficiency, NIST intends to use different > tuning parameters for different uses. So we might end up with one SHA3-256 > for MACs in TLS and IPsec, and a totally different SHA3-256 in certificate > signatures, and yet a third one used for HASH-DRBG. That means you can't > just label something "pin-sha3-256" and expect all implementations to > inter-operate. You'd need to write an RFC "The SHA-3 algorithm and its use > in key pinning", where you'd specify the parameters for SHA3 in this > context. >
This discussion is premature of course, but there will certainly be standard forms of SHA3 with short standard names hiding all of the current discussion of output sizes and capacities that are currently being discussed for the final SHA-3 spec. There will be some string like SHA3-256-X which everybody in the world will agree on the meaning of, we just don't know what yet.
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
