On Tue 2019-02-19 12:28:08+1100 Mark wrote:
> Where is the need to use SHA-3? This is introducing a new algorithm
> for the sake of introducing a new algorithm. Just because TLS 1.3
> uses SHAKE128 is not a reason for DNS to use SHAKE128. There are
> plenty of platforms that don’t need to use TLS at all. They don’t
> have web interfaces. Transaction security is provided by something
> other than TLS.
>
> There are also lots of old server platforms that just won’t ever
> upgrade their OpenSSL package. Adding SHA-3 creates yet another
> dependency / impediment to upgrading the DNS server.
I agree with Mark. Even the draft says:

   5. Cryptographic Hash Requirements

   The cryptographic hash algorithm used SHOULD provide the following
   properties:

   1. Well known algorithm with implementations easily available

I have no objections to SHAKE128 being one of the supported algorithms,
but one of the SHA-2 algorithms should be selected for MUST implement.

--
Robert Story <http://www.isi.edu/~rstory>
USC Information Sciences Institute <http://www.isi.edu/>