--On 8-2-2005 9:42 -0800 Jon Callas <jon@xxxxxxxxxx> wrote:
I almost cringe to suggest this, but I will. Triple-DES is pretty much obsolete. Yesterday, I saw that NIST announced they're moving to stronger hashes. Does anyone object to changing the MUST cipher to AES (I'd pick 128) and MUST hash to SHA-256?
Regarding SHA-256: would that mean switching to SHA-256 for key fingerprints as well? (shouldn't v5 keys be introduced then?) And use SHA-256 for MDC packets?
Or is it just adding a MUST implement, so applications can use SHA-256 for document signatures with RSA keys only? (as DSA forces one to use SHA-1 anyway)
IMHO, the first is what should be done at some point, but that's a really big change: all implementations out there need to be upgraded. Wouldn't that conflict with getting the current draft on standards track?
I do not see the point of the second option: as long as keys are only protected by a 160 bit fingerprint, there is not much point protecting document signatures with longer hashes. It may be harder to generate a collision resulting in a valid key, than it is to generate a collision resulting in just some other random document, but I do not think it is wise to count on such an assumption.
-- Edwin
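The point under discussion (a v4 key fingerprint is a 160-bit SHA-1 digest, so it bounds the protection any longer signature hash can add) is easier to see with the fingerprint computation written out. The following is an added example, not code from either poster: it builds a constructed v4 RSA public-key packet body and hashes it exactly as RFC 2440 specifies (0x99, two-byte length, body, then SHA-1). The key material and creation time are made up and far too small for real use, and the `sha256` variant is a what-if parameterisation of the same construction, not the later standardised v5 fingerprint format.

```python
import hashlib

# Constructed sample key material: a tiny modulus chosen only so the example
# runs instantly. Nothing here is a real key.
SAMPLE_N = 0xDEADBEEFCAFEF00D1234567
SAMPLE_E = 65537
SAMPLE_CREATED = 0x4208E6A0  # constructed creation timestamp (seconds since epoch)


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP multiprecision integer:
    a two-byte big-endian bit count followed by the magnitude bytes."""
    bits = n.bit_length()
    return bits.to_bytes(2, "big") + n.to_bytes((bits + 7) // 8, "big")


def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 2440 section 5.5.2):
    version byte, 4-byte creation time, algorithm id 1 (RSA), MPI n, MPI e."""
    return bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes, hash_name: str = "sha1") -> bytes:
    """v4 fingerprint per RFC 2440 section 11.2: hash over 0x99, the two-byte
    body length, and the body. The standard mandates SHA-1; any other
    hash_name is a hypothetical variant used here only for comparison."""
    prefix = b"\x99" + len(body).to_bytes(2, "big")
    return hashlib.new(hash_name, prefix + body).digest()


def key_id(fingerprint: bytes) -> bytes:
    """The 64-bit key ID of a v4 key is the low-order eight bytes of the fingerprint."""
    return fingerprint[-8:]


def collision_security_bits(fingerprint_digest_len: int, signature_digest_len: int) -> int:
    """Generic birthday bound: a d-byte hash resists collisions to roughly 2^(4d)
    work. The chain is only as strong as its weakest hash, which is the
    argument made in the thread about a 160-bit fingerprint."""
    return 4 * min(fingerprint_digest_len, signature_digest_len)


if __name__ == "__main__":
    body = v4_public_key_body(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E)
    sha1_fpr = v4_fingerprint(body)
    print("v4 fingerprint (SHA-1):  ", sha1_fpr.hex().upper())
    print("key ID:                  ", key_id(sha1_fpr).hex().upper())
    print("what-if SHA-256 variant: ", v4_fingerprint(body, "sha256").hex().upper())
    # Flipping a single bit of the modulus changes the whole fingerprint.
    altered = v4_public_key_body(SAMPLE_CREATED, SAMPLE_N ^ 1, SAMPLE_E)
    print("bit-flipped key matches? ", v4_fingerprint(altered) == sha1_fpr)
    print("collision bound, SHA-1 fpr + SHA-256 sig:",
          collision_security_bits(20, 32), "bits")
```

Running it shows a 20-byte SHA-1 fingerprint and a 32-byte digest for the what-if variant, and that the effective collision bound of the pair is 80 bits, set by the fingerprint rather than the signature hash.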