SHA3 IANA registration - method?

Andrey Jivsov openpgp at
Thu Dec 13 21:46:51 CET 2012

Yes, there is no FIPS document that specifies the SHA-3 yet. We should 
expect that NIST will be produce it a few months; it is mostly an 
editorial matter at this point. There are test vectors on that should continue to work.

The main unknown that the FIPS document will solve is which hash sizes 
it will decide to mandate, plus, the fact that we need a hard reference 
to list in the OpenPGP Keccak spec.

We also need to wait for the OIDs for the hash algorithms (remember 
that's what we do in OpenPGP).

These dependencies are listed on the front page of the spec I sent.

If there is no interest to fix collision weakness of OpenPGP 
fingerprints in the same spec, this makes things easier. The issue in my 
mind is that OpenPFP fingerprint and SHA-3 may be dependent if the 
OpenPGP community is to adapt the hardwired SHA-3 fingerprints. In this 
case we would have two methods: old/new SHA-1/SHA-3 fingerprints. With 
this situation one would need to differentiate/optimize regarding which 
fingerprint to use and so things like hash preferences on the keys may 
play some role here. While I also agree that SHA-3 in OpenPGP should 
only be concerned with SHA-3, it would be ideal if we wrote it with good 
ideas for the direction in which fingerprints will evolve.

Thank you

More information about the Gnupg-devel mailing list