Re: [saag] RE: No need for SHA-2 Packet Authentication - Open Letter to the WG and Area Directors
On Monday, July 22, 2002, at 01:39 , Hallam-Baker, Phillip wrote:
> Given that the only party for whom SHA-256 use is postulated as being
> mandated is the US federal government, has anyone from the US federal
> govt. actually stated that they intend to make SHA-256 a requirement
> over SHA-1?
Yes. I've heard from USG folks that NIST will be making SHA-256 a FIPS
requirement (in at least some situations). I don't know whether or
claim that such a decision would necessarily mean deprecating SHA-1.
My own assumption is that more than one hash could co-exist, each with
its own uses.
> My understanding is that the new SHA hashes are supplemental to SHA-1
> and that the accreditation for SHA-1 is unaffected (at least for the
> moment). Certainly one would hope to see DSA updated before SHA-1 is
> withdrawn!
Requiring FOO in some applications would not necessarily imply
deprecating BAR. I think you are coupling things together that are not
necessarily coupled in the quoted text above.
But, as I noted originally, USG customers might prefer SHA-256 over
SHA-1-bis regardless of what the IETF says is an IETF standard.
Ran
rja@extremenetworks.com