IETF-SSH archive
RE: New version of rsa-sha2-512 draft posted: no more DSA
denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>I have taken into account Damien's suggestion for rsa-sha2-512, and observed
>that there appears to be no reason to have rsa-sha2-256, if we have
>rsa-sha2-512. As far as I can tell, SHA-2 512 should be reasonably available
>everywhere that SHA-2 256 is available.

Uhh, that's more or less the opposite of the actual situation: SHA2-256 is
fast becoming the universal replacement for SHA-1, while SHA2-512 is the "oh,
there's another one alongside -256?" alternative. For example Mozilla just
posted the following discussion item:

  In item #8 of the Maintenance Policy recommend that CAs avoid SHA-512 and
  P-521, especially in their CA certificates. This is to ensure
  interoperability, as SHA-512 and (especially) P-521 are less well-supported
  than the other algorithms.

So it should be MUST -256, MAY -512, at most.

(I can't see any good reason to have -512, it has little support, it's a pain
to do on 32-bit CPUs, it's slow, and it offers little to no practical security
advantage over -256).

Peter.