Re: [Isms] fingerprint TCs and hash types

To: Wes Hardaker <wjhns1 at hardakers.net>
Subject: Re: [Isms] fingerprint TCs and hash types
From: Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>
Date: Fri, 11 Sep 2009 18:51:48 +0200
Cc: "isms at ietf.org" <isms at ietf.org>
Delivered-to: isms at core3.amsl.com
In-reply-to: <sd8wglio8d.fsf at wjh.hardakers.net>
List-archive: <http://www.ietf.org/mail-archive/web/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Mail-followup-to: Wes Hardaker <wjhns1 at hardakers.net>, "isms at ietf.org" <isms at ietf.org>
References: <sdhbvamsp4.fsf at wjh.hardakers.net> <AC1CFD94F59A264488DC2BEC3E890DE508B7DECC at xmb-sjc-225.amer.cisco.com> <sdeiqel6sf.fsf at wjh.hardakers.net> <20090911045136.GA26629 at elstar.local> <sd8wglio8d.fsf at wjh.hardakers.net>
Reply-to: Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Sep 11, 2009 at 03:51:14PM +0200, Wes Hardaker wrote:
> >>>>> On Fri, 11 Sep 2009 06:51:36 +0200, Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de> said:
> 
> JS> In general, I like this format. The downside of course is its length
> JS> compared to an OCTET STRING representation:
> 
> JS> sha-1	 20    65
> JS> sha-256	 32   103
> JS> sha-512	 64   199
> 
> Yep.  I thought about it.  But the upside of human readability and
> string management might outweigh it.  Most management tools do deal with
> hex <-> binary conversion fairly well, but this is still probably easier
> in the end.
> 
> Another win, though, is that the prefixes are already standardized and
> we don't need to do anything else.

There are networks (such as 802.15.4/6LoWPAN) where DTLS might be a
perfect fit since its session nature reduces per message overhead and
the message size constraints are significant here.
 
> JS> The second column shows the length of the hash and the third column
> JS> the length of the fingerprint (including the label). With sha-512, we
> JS> are still well below the common 255 octet boundary but the overhead is
> JS> significant and even the sha-1 fingerprint easily allows to ship an
> JS> additional varbind while still saving space.
> 
> If you're counting bytes in terms of bytes on the wire, you probably
> need to include the type encoding as well for the second column that
> holds the type which will be 2 OIDs in size length (adding in the length
> for the column OID and the value OID).  However, the results will still
> be small compared to the ascii encoding.

It does seem inconsistent to be on the one hand happy with an IANA
register for fingerprint names while you want unlimited number space
extensibility with OIDs. I vote for a small integer, if needed
partition the integer number space like we do for say security models.
Or simply ship a string such as "sha-1". (BTW, does the relevant RFC
specify how to create non-standard names, e.g. an "x-" escape?)  But
in general, I think we do not necessarily need to provide more
flexibility than the PKI specs provide.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

Follow-Ups:
- Re: [Isms] fingerprint TCs and hash types
  - From: Wes Hardaker

References:
- [Isms] fingerprint TCs and hash types
  - From: Wes Hardaker
- Re: [Isms] fingerprint TCs and hash types
  - From: Joseph Salowey (jsalowey)
- Re: [Isms] fingerprint TCs and hash types
  - From: Wes Hardaker
- Re: [Isms] fingerprint TCs and hash types
  - From: Juergen Schoenwaelder
- Re: [Isms] fingerprint TCs and hash types
  - From: Wes Hardaker

Prev by Date: Re: [Isms] fingerprint TCs and hash types
Next by Date: Re: [Isms] fingerprint TCs and hash types
Previous by thread: Re: [Isms] fingerprint TCs and hash types
Next by thread: Re: [Isms] fingerprint TCs and hash types
Index(es):
- Date
- Thread

Re: [Isms] fingerprint TCs and hash types

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.