SHA3 IANA registration - method?
dshaw at jabberwocky.com
Thu Dec 13 16:47:27 CET 2012
On Dec 12, 2012, at 4:09 PM, Andrey Jivsov <openpgp at brainhub.org> wrote:
> I wrote a draft to support SHA-3 Keccak in OpenPGP.
> I slowed down thinking about what to do about SHA1 fingerprints before I was distracted by unrelated things. My thought was that perhaps this draft should be used to resolve the issue of a SHA1 fingerprint by introducing a hardwired Keccac fingerprint.
> Ignoring the fingerprint issue, the rest of the spec should be straighforward. I am attaching the document that I created.
I'm pretty against combining the fingerprint issue and SHA-3. They're not really related, and combining them just ensures that the SHA-3 draft (which should be trivial and noncontroversial) will take many months if not longer. Changing fingerprints touches a huge amount of deployed code and needs careful design, but SHA-3 just needs an algorithm number allocated.
I'm all for a SHA-3 draft on its own, but is SHA-3 in a state where a draft is appropriate? There is no OID yet, and there is no RFC to refer to (there isn't even a NIST spec to refer to).
I'd wait a little while until these things are finished, and then the OpenPGP SHA-3 draft can just point to them.
More information about the Gnupg-devel