On Tue, Apr 22, 2014 at 10:43:18AM +0200, Petr Spacek wrote:
> 3) Algorithm agility:
> It is clear to me that SHA2-224 hashing is there "just" for privacy and
> nothing else. Still, I think it would be beneficial to have algorithm
> agility built-in.
In this specification sha2-224 does not play a security role. It
is used not for privacy but rather as a short-enough and yet strongly
collision resistant representation of potentially longer email
addresses that would not fit into a DNS label. It is expected that
the number of email addresses with SMIMEA or OPENPGP keys in any one
domain will be substantially less than 2^{112} (~ 10^{34}). A domain
with 10^9 users will have two users with the same lookup key
with probability roughly 2^{-62} or ~10^{-16}.
There is no need for "algorithm agility" here. This is a lookup
key construct, not a tamper-resistant signature. In fact multiple
algorithms would be entirely counter-productive in this context.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
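As an added illustration of the lookup-key construction and the collision estimate discussed in the reply above (this is example code written for this page, not code from the thread or from the draft under discussion), the following Python derives a SHA2-224 lookup label for an e-mail address and computes the standard birthday-bound collision probability for a domain with 10^9 users. Two details are assumptions made for the example, not facts taken from the message: that the local part is hashed as UTF-8 bytes and hex-encoded, and that the lookup owner name uses a `_smimecert` sublabel.

```python
import hashlib

HASH_BITS = 224  # SHA2-224 output length, as discussed in the thread


def lookup_label(email: str) -> str:
    """Return the hex-encoded SHA2-224 digest of the local part of an address.

    ASSUMPTION (not stated in the message): the local part is hashed as
    UTF-8 bytes and the digest is hex-encoded, giving a 56-character
    label that fits the 63-octet DNS label limit.
    """
    local_part, sep, _domain = email.rpartition("@")
    if not sep or not local_part:
        raise ValueError("not an e-mail address: %r" % email)
    return hashlib.sha224(local_part.encode("utf-8")).hexdigest()


def lookup_name(email: str, sublabel: str = "_smimecert") -> str:
    """Build the DNS owner name that would be queried for the key record.

    The sublabel is an illustrative assumption; consult the actual
    specification for the real name.
    """
    _local_part, _sep, domain = email.rpartition("@")
    return "%s.%s.%s" % (lookup_label(email), sublabel, domain)


def collision_probability(n_addresses: int, bits: int = HASH_BITS) -> float:
    """Birthday-bound approximation of P(at least one pair of the
    n_addresses distinct local parts maps to the same label):
    roughly n(n-1)/2 divided by 2^bits."""
    pairs = n_addresses * (n_addresses - 1) // 2
    return pairs / 2.0 ** bits  # floats comfortably hold 2^224 (~2.7e67)


def addresses_for_likely_collision(bits: int = HASH_BITS) -> float:
    """Number of distinct inputs at which a collision becomes likely,
    about 2^(bits/2), which is the 2^112 figure quoted in the message."""
    return 2.0 ** (bits / 2)


if __name__ == "__main__":
    # Constructed sample addresses for illustration.
    for addr in ("alice@example.com", "alice@example.org", "bob@example.com"):
        print(addr, "->", lookup_name(addr))
    print("P(collision) with 10^9 users:", collision_probability(10 ** 9))
    print("inputs for a likely collision:", addresses_for_likely_collision())
```

Note that the label depends only on the local part, so the same local part under two different domains yields the same label; the domain is carried by the rest of the owner name. The birthday estimate for 10^9 users is many orders of magnitude below the rough 2^{-62} figure in the message, consistent with its conclusion that accidental collisions are not a concern for a lookup key of this size.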