Re: FW: [OPS-DIR] review of draft-ietf-smime-rfc3287bis-07.txt



At 6:44 PM +0200 5/25/09, Romascanu, Dan (Dan) wrote:
>From an operational perspective, my major concern would be whether
>specification of additional digest algorithms could be expected once
>the new NIST digest algorithm is chosen in the not-too-distant future.

The date of release of SHA-3 (aka AHS) is unknown. NIST has a roadmap with a timetable in it, but those are goals, not commitments of any sort.

>While it's hard to fault the authors for not providing guidance relating to
>a not-yet-chosen algorithm, much of the motivation for deployment of
>algorithms such as SHA-256 relates to a desire to address weaknesses
>found in SHA-1.  Given that it is possible that NIST will choose algorithm(s)
>from another family, one wonders whether the additional digest algorithms
>specified in this document will end up being more than a temporary
>measure.

That is far from clear. NIST could, for example, choose a hash function that sucks on one axis in exchange for it being provably wonderful on another, and that would have a big effect on whether people would use the new algorithms in different protocols.

Part of the purpose of the hash competition is to increase the crypto community's understanding of hashes in general, not just coming up with a new one. It is quite likely that the outcome of that is a greater understanding of SHA-2, and therefore a greater understanding of its expected lifetime. Right now, all of this is hand-waving.