On 22.4.2014 14:49, Viktor Dukhovni wrote:
On Tue, Apr 22, 2014 at 10:43:18AM +0200, Petr Spacek wrote:
3) Algorithm agility:
It is clear to me that SHA2-224 hashing is there "just" for privacy and
nothing else. Still, I think it would be beneficial to have algorithm
agility built-in.
In this specification sha2-224 does not play a security role. It
Hmm, I should have read section 5.1 more than once :-)
is used not for privacy but rather as a short-enough and yet strongly
collision resistant representation of potentially longer email
addresses that would not fit into a DNS label. It is expected that
There is no need for "algorithm agility" here. This is a lookup
key construct, not a tamper-resistant signature. In fact multiple
Just to be clear - I have never used term "tamper-resistant" in this context.
algorithms would be entirely counter-productive in this context.
I agree. I'm sorry for the noise created by my comment (3).
My comments (1), (2) and the second e-mail with question about CERT RR still
apply.
--
Petr^2 Spacek
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
