Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

At Tue, 4 Mar 2008 21:45:20 +0100 (MET),
Martin Rex wrote:
> 
> Eric Rescorla wrote:
> > 
> > At Tue, 4 Mar 2008 09:58:29 -0800,
> > Paul Hoffman wrote:
> > > 
> > > At 6:19 AM -0500 3/4/08, Rob Dugal wrote:
> > > >section 7.4.1.4.1
> > > >
> > > >Why is SHA-224 not supported as a HashAlgorithm? For completeness 
> > > >shouldn't TLS 1.2 support all the SHA-2 algorithms?
> > > 
> > > Not everyone agrees with the utility of SHA-224, particularly in a 
> > > protocol where AES-128 is mandatory to implement.
> > 
> > Indeed. 
> > 
> > If you want a MAC with effective algorithmic security the same as
> > SHA-256 but shorter, that's what truncated MACs are for.
> 
> SHA-224 is effectively that:
> 
>    SHA-224 is based on SHA-256, but it uses a different
>    initial value and the result is truncated to 224 bits.

Yes, that's my point.

Shaving 4 bytes off of the packet size when the MAC is 32
bits is of extremely marginal value. If what you want is
a MAC that has the same algorithmic security as SHA-256
but you're worried about packet size, use SHA-256 truncated
to 80 bits with the truncated_mac extension.

-Ekr

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
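
An added example, not part of the thread: it compares the per-record MAC overhead of HMAC-SHA-256, HMAC-SHA-224 and HMAC-SHA-256 truncated to 80 bits, and checks that SHA-224 is not simply a prefix of the SHA-256 output because of its different initial value. The key, record contents, simplified MAC input layout and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TRUNCATED_LEN = 10  # 80 bits, the truncation length named in the message


def record_mac_input(seq_num, content_type, version, fragment):
    """Simplified TLS-style MAC input: seq_num, type, version, length, fragment."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return header + fragment


def mac_tag(key, data, digest, length=None):
    """HMAC tag, optionally cut to its first `length` bytes."""
    full = hmac.new(key, data, digest).digest()
    return full if length is None else full[:length]


def verify(key, data, tag, digest, length=None):
    """Recompute the tag at the negotiated length and compare in constant time."""
    return hmac.compare_digest(mac_tag(key, data, digest, length), tag)


def tag_sizes(key, data):
    """Per-record MAC overhead in bytes for the three options in the thread."""
    return {
        "HMAC-SHA-256": len(mac_tag(key, data, hashlib.sha256)),
        "HMAC-SHA-224": len(mac_tag(key, data, hashlib.sha224)),
        "HMAC-SHA-256/80": len(mac_tag(key, data, hashlib.sha256, TRUNCATED_LEN)),
    }


def sha224_is_sha256_prefix(msg):
    """False: SHA-224 starts from a different initial value than SHA-256."""
    return hashlib.sha224(msg).digest() == hashlib.sha256(msg).digest()[:28]


# Constructed sample values (not from the thread).
KEY = bytes(range(32))
DATA = record_mac_input(1, 23, (3, 3), b"constructed application data")

if __name__ == "__main__":
    for name, size in tag_sizes(KEY, DATA).items():
        print(f"{name}: {size} bytes")
    short = mac_tag(KEY, DATA, hashlib.sha256, TRUNCATED_LEN)
    print("truncated tag verifies:", verify(KEY, DATA, short, hashlib.sha256, TRUNCATED_LEN))
    print("SHA-224 == SHA-256[:28]:", sha224_is_sha256_prefix(DATA))
```

The verifier must recompute the tag at the same negotiated length; a full 32-byte tag presented where an 80-bit tag is expected is rejected rather than silently accepted.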


