SHA-1 recommendations

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon May 18 17:38:26 CEST 2009


On 05/17/2009 10:20 PM, David Shaw wrote:
> I see no conflict in the RFC:  the list is ordered, and a random
> selection is perfectly conformant.

i just re-read that bit of the RFC, and while it's somewhat vague, i
think a reasonable interpretation is that it is indeed intended to be an
ordered, exhaustive list of algorithms supported, with most-preferred
algorithms listed first.  The relevant bits are:

>>  5.2.3.7.  Preferred Symmetric Algorithms
>> 
>>    (array of one-octet values)
>> 
>>    Symmetric algorithm numbers that indicate which algorithms the key
>>    holder prefers to use.  The subpacket body is an ordered list of
>>    octets with the most preferred listed first.  It is assumed that only
>>    algorithms listed are supported by the recipient's software.
>>    Algorithm numbers are in Section 9.  This is only found on a self-
>>    signature.
>> 
>> 5.2.3.8.  Preferred Hash Algorithms
>> 
>>    (array of one-octet values)
>> 
>>    Message digest algorithm numbers that indicate which algorithms the
>>    key holder prefers to receive.  Like the preferred symmetric
>>    algorithms, the list is ordered.  Algorithm numbers are in Section 9.
>>    This is only found on a self-signature.

so pref-sym-algos is explicitly "most preferred listed first" and
pref-hash-algos is ordered like pref-sym-algos.

furthermore, pref-sym-algos says that "only algorithms listed are
supported".  This is different from "only supported algorithms are
listed", and is equivalent to "algorithms not listed are not supported".

Granted, the above distinction is only explicitly for pref-sym-algos,
but it is not unreasonable to interpret 5.2.3.8 as implying the same
thing ("Like the preferred symmetric algorithms...").

I think a strong case can be made *for* adjusting the
default-preference-list to include the longer SHA-2 algos, and to order
them first.  Are there arguments against doing so?

Regards,

	--dkg
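As an added illustration of the ordered-list semantics discussed above (this is example code written for this page, not GnuPG's or the RFC's own code): it parses the preferred-hash and preferred-symmetric subpackets out of a self-signature's subpacket area, and then picks the first algorithm in a sender-side order, SHA-2 first, that every recipient lists. Following the reading in the message, an algorithm a recipient does not list is treated as unsupported. Subpacket types 11 and 21, the subpacket length encoding, and the algorithm IDs come from RFC 4880 sections 5.2.3.1, 9.2 and 9.4; the recipient subpacket bodies and the sender's default order are constructed for the example.

```python
# Added illustration (not GnuPG code) of how the ordered preferred-hash
# and preferred-symmetric subpackets of RFC 4880 can drive algorithm
# selection.  Subpacket types and algorithm IDs are from RFC 4880
# sections 5.2.3.1, 9.2 and 9.4; the sample bodies are constructed.

from typing import List, Optional, Tuple

SUBPKT_PREF_SYM = 11     # Preferred Symmetric Algorithms (5.2.3.7)
SUBPKT_PREF_HASH = 21    # Preferred Hash Algorithms (5.2.3.8)

HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Constructed sender-side default order with the SHA-2 family first.
SENDER_HASH_ORDER = [10, 9, 8, 11, 2]


def parse_subpackets(data: bytes) -> List[Tuple[int, bytes]]:
    """Split a signature-subpacket area into (type, body) pairs.

    Each subpacket is: length (1, 2 or 5 octets), one type octet
    (high bit = critical flag), then the body.  The length counts the
    type octet plus the body.
    """
    out: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length = ((first - 192) << 8) + data[i + 1] + 192
            i += 2
        else:
            length = int.from_bytes(data[i + 1:i + 5], "big")
            i += 5
        if length == 0 or i + length > len(data):
            raise ValueError("malformed subpacket")
        sp_type = data[i] & 0x7F        # mask off the critical bit
        out.append((sp_type, data[i + 1:i + length]))
        i += length
    return out


def preference_list(subpackets, sp_type) -> Optional[List[int]]:
    """Ordered algorithm list from the named preference subpacket, or
    None if the self-signature carries no such subpacket.  A duplicate
    keeps its first (most preferred) position."""
    for t, body in subpackets:
        if t == sp_type:
            seen: List[int] = []
            for octet in body:
                if octet not in seen:
                    seen.append(octet)
            return seen
    return None


def choose_hash(sender_order, recipient_lists) -> Optional[int]:
    """First algorithm in the sender's order that every recipient lists.

    An algorithm a recipient does not list counts as unsupported by
    that recipient, so an empty recipient list rules everything out.
    """
    for algo in sender_order:
        if all(algo in prefs for prefs in recipient_lists):
            return algo
    return None


# Constructed self-signature subpacket areas for three recipients.
# Each subpacket is: length octet, type octet, body octets.
RECIPIENT_A = bytes([4, SUBPKT_PREF_HASH, 8, 2, 3])         # SHA256, SHA1, RIPEMD160
RECIPIENT_B = bytes([3, SUBPKT_PREF_SYM, 9, 7,              # AES256, AES128
                     5, SUBPKT_PREF_HASH, 10, 9, 8, 2])      # SHA512, SHA384, SHA256, SHA1
RECIPIENT_OLD = bytes([2, SUBPKT_PREF_HASH, 2])             # SHA1 only


def demo() -> Optional[int]:
    lists = [preference_list(parse_subpackets(r), SUBPKT_PREF_HASH)
             for r in (RECIPIENT_A, RECIPIENT_B)]
    chosen = choose_hash(SENDER_HASH_ORDER, lists)
    print("A+B ->", HASH_NAMES[chosen])            # SHA256: best common choice
    lists.append(preference_list(parse_subpackets(RECIPIENT_OLD), SUBPKT_PREF_HASH))
    print("A+B+OLD ->", HASH_NAMES[choose_hash(SENDER_HASH_ORDER, lists)])  # SHA1
    return chosen


if __name__ == "__main__":
    demo()
```

Adding the third, SHA-1-only recipient drags the whole message down to SHA-1, which is the practical reason the default preference list matters: a recipient's list caps what any sender can pick for a message addressed to them.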
