On Thu, 9 Jan 2014, Viktor Dukhovni wrote:
Should anyone insist on hmac-sha256, though, base32 would be necessary.
But I've yet to see any credible claims that sha1's vulnerabilities
affect hmac-sha1, so there shouldn't be a reason for sha2 or sha3.
Indeed, but if one really wants to avoid HMAC-SHA1 because it is
now unfashionable, one can use SHA2-224 to get a 56-byte label.
SHA2-224 would have my preference, as SHA1 is on its way out FIPS-wise
and it is just easing not having to maintain SHA1 exceptions to the
"disallow sha1" code paths.
A sensible administrator will keep the unhashed input names in a
configuration system that generates the corresponding DNS entries.
Yes, base32 is as unreadable as a hash for the admin eye.
I think I'm fine with using sha2-224, if it saves us the hassle of doing
label splitting. But still a little worried about hashing various
character sets.
Paul
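
Added example, not part of the original message or of any draft: it measures the label lengths the thread is weighing against the 63-octet DNS label limit and shows why the character-set concern matters. The input name "alice", the "josé" samples and the NFC/UTF-8 normalization choice are assumptions made for illustration; HMAC output has the same length as the underlying hash, so the lengths also hold for hmac-sha1 and hmac-sha256.

```python
import base64
import hashlib
import unicodedata

MAX_LABEL = 63  # maximum octets in a single DNS label (RFC 1035)

def make_label(name: str, algo: str, encoding: str, normalize: bool = False) -> str:
    """Hash `name` and encode the digest as a candidate DNS label."""
    if normalize:
        # Assumption: NFC is used as the canonical form; the thread does not pick one.
        name = unicodedata.normalize("NFC", name)
    digest = hashlib.new(algo, name.encode("utf-8")).digest()
    if encoding == "hex":
        return digest.hex()
    if encoding == "base32":
        # DNS labels are case-insensitive, so padding is dropped and case folded.
        return base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    raise ValueError(f"unknown encoding: {encoding}")

def survey(name: str = "alice"):
    """Return (algo, encoding, label length, fits in one label) for each combination."""
    rows = []
    for algo in ("sha1", "sha224", "sha256"):
        for enc in ("hex", "base32"):
            n = len(make_label(name, algo, enc))
            rows.append((algo, enc, n, n <= MAX_LABEL))
    return rows

# Constructed sample: the same visible name in two Unicode forms.
COMPOSED = "jos\u00e9"      # 'é' as one precomposed code point (NFC)
DECOMPOSED = "jose\u0301"   # 'e' followed by a combining acute accent (NFD)

def same_label(a: str, b: str, normalize: bool) -> bool:
    """True if both inputs map to the same sha224/hex label."""
    return (make_label(a, "sha224", "hex", normalize)
            == make_label(b, "sha224", "hex", normalize))

if __name__ == "__main__":
    for algo, enc, n, ok in survey():
        print(f"{algo:7} {enc:7} {n:3} chars  {'fits' if ok else 'needs splitting'}")
    print("raw input, labels match:       ", same_label(COMPOSED, DECOMPOSED, False))
    print("normalized input, labels match:", same_label(COMPOSED, DECOMPOSED, True))
```

Only sha256 in hex (64 characters) exceeds a single label; the two forms of the same name produce different labels unless both sides normalize the input identically before hashing.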