SHA3 IANA registration - method?
openpgp at brainhub.org
Fri Dec 14 18:55:46 CET 2012
On 12/14/2012 03:24 AM, Werner Koch wrote:
> On Thu, 13 Dec 2012 21:46, openpgp at brainhub.org said:
>> fingerprints in the same spec, this makes things easier. The issue in
>> my mind is that OpenPFP fingerprint and SHA-3 may be dependent if the
>> OpenPGP community is to adapt the hardwired SHA-3 fingerprints. In
> Which has not even be discussed. Back when the SHA-3 process started we
> said that we will wait for the outcome of it and only then start working
> on a a new key format. Whether this will use SHA-3 or SHA-2 needs to to
> discussed. Given that there is no real world experience with SHA-3, we
> can't assume anything at that point. And if we want to do go for a new
> key format I am in favor of rechartering the WG than to have the IETF
> decide on individual I-Ds for such changes.
The new key format is a much broader task. Perhaps I wasn't clear on
what motivated my comments on fingerprints. What I meant came as a
result of my review of the hash use in RFC 4880, done in the process of
writing the SHA3 draft that I sent out (this analysis is summarized in
the spec). My focus was of the weakening of security due of the SHA1 and
its deprecation by standard bodies. The use of fingerprints in OpenPGP
should be viewed as dependent on collision resistance of the hash
function, in our case, unfortunately, on the collision resistance of the
SHA1 without the path to upgrade the hash algorithm. Ideally, we should
plan ahead and have some solution that can be slowly introduced.
With this in mind I thought that it would be reasonable to deal with
this shorter term problem in fingerprints as a separate task. Rewriting
the key format seems like a bigger undertaking and I am not sure that
there is much demand for the new key format. In any case, we can wait
with new format longer than with SHA-1 deprecation.
More information about the Gnupg-devel