Hi Rob,

I'm not aware of any precise analysis supporting the 12 byte minimum
size but I believe it is reasonable and in line with the lower end of
the range of hash sizes typically standardized by the IETF these days.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com

On Fri, Oct 9, 2020 at 5:23 AM Rob Wilton (rwilton) <rwil...@cisco.com> wrote:
>
> Hi Donald,
>
> > -----Original Message-----
> > From: Donald Eastlake <d3e...@gmail.com>
> > Sent: 09 October 2020 00:47
> > To: Rob Wilton (rwilton) <rwil...@cisco.com>
> > Cc: The IESG <i...@ietf.org>; draft-ietf-dnsop-dns-zone-dig...@ietf.org;
> > Tim Wicinski <tjw.i...@gmail.com>; <dnsop@ietf.org> <dnsop@ietf.org>;
> > dnsop-cha...@ietf.org
> > Subject: Re: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-dns-
> > zone-digest-12: (with COMMENT)
> >
> > On Thu, Oct 8, 2020 at 7:18 AM Robert Wilton via Datatracker
> > <nore...@ietf.org> wrote:
> > > Robert Wilton has entered the following ballot position for
> > > draft-ietf-dnsop-dns-zone-digest-12: No Objection
> > >
> > > ...
> > >
> > > ----------------------------------------------------------------------
> > > COMMENT:
> > > ----------------------------------------------------------------------
> > >
> > > ...
> > >
> > >     2.2.4.  The Digest Field
> > >
> > >        The Digest field MUST NOT be shorter than 12 octets.  Digests for the
> > >        SHA384 and SHA512 hash algorithms specified herein are never
> > >        truncated.  Digests for future hash algorithms MAY be truncated, but
> > >        MUST NOT be truncated to a length that results in less than 96-bits
> > >        (12 octets) of equivalent strength.
> > >
> > > When I read this, I wonder why the limit of 12 bytes was chosen.  Possibly a
> > > sentence that justifies why this value was chosen might be useful, noting that
> > > the two suggested algorithms have significantly longer digests.
> >
> > To me, the purpose of the limit is to establish a minimum strength
> > against brute force attacks. Of course, the hash algorithm also has to
> > be strong but the length of the Digest field puts a sharp limit on the
> > strength of a ZONEMD.
> [RW]
>
> I absolutely agree on specifying a minimum value.  My question is how was the 
> minimum length of "12 bytes" chosen?  Is there some analysis performed that 
> indicates that this is the right minimal value, or is this just a "12 bytes 
> sounds like enough"?
>
> Regards,
> Rob
>
>
> >
> > Note that for the same reason there is a similar provision from 2006
> > in RFC 4635, Section 3.1, point 4, which sets a minimum size of 10
> > bytes for the hashes that appear in TSIG RRs.
> >
> > Thanks,
> > Donald
> > ===============================
> >  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> >  2386 Panoramic Circle, Apopka, FL 32703 USA
> >  d3e...@gmail.com
> >
> > >     ...
> > >
> > > Regards,
> > > Rob

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
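The Section 2.2.4 length rule the thread is discussing, turned into the checks a ZONEMD verifier would run, plus a small brute-force search that shows why the Digest field length caps the strength of the record regardless of how strong the hash is. This is an added example, not code from the thread, the draft or any DNS implementation. It assumes the RDATA layout and Hash Algorithm codes of draft-ietf-dnsop-dns-zone-digest / RFC 8976 (Serial, Scheme, Hash Algorithm, Digest; 1 = SHA384, 2 = SHA512). The zone content is a constructed byte string rather than the SIMPLE-scheme canonical serialisation a real implementation must compute, and algorithm code 200 is a hypothetical "future" algorithm used only to exercise the 12-octet floor.

```python
"""ZONEMD Digest-length checks and a truncation brute-force illustration.

Added example, not part of the mailing-list thread.  Wire layout assumed
from draft-ietf-dnsop-dns-zone-digest / RFC 8976:
    Serial (4 octets) | Scheme (1) | Hash Algorithm (1) | Digest (variable)
Hash Algorithm 1 = SHA384 (48-octet digest), 2 = SHA512 (64-octet digest).
SAMPLE_ZONE is constructed stand-in data, not a canonical zone serialisation.
"""
import hashlib
import hmac
import struct

MIN_DIGEST_OCTETS = 12            # Section 2.2.4: MUST NOT be shorter than this
HASH_ALGS = {                     # code -> (name, constructor, full digest length)
    1: ("SHA384", hashlib.sha384, 48),
    2: ("SHA512", hashlib.sha512, 64),
}
SAMPLE_ZONE = (b"example. 3600 IN SOA ns1.example. admin.example. "
               b"2020100901 7200 3600 1209600 3600\n"
               b"example. 3600 IN NS ns1.example.\n")   # constructed input


def build_zonemd_rdata(serial, scheme, hash_alg, zone_bytes, truncate_to=None):
    """Serialise ZONEMD RDATA; truncate_to shortens the digest (for tests)."""
    _, ctor, _ = HASH_ALGS[hash_alg]
    digest = ctor(zone_bytes).digest()
    if truncate_to is not None:
        digest = digest[:truncate_to]
    return struct.pack("!IBB", serial, scheme, hash_alg) + digest


def parse_zonemd_rdata(rdata):
    """Return (serial, scheme, hash_alg, digest); raise on a short record."""
    if len(rdata) < 6:
        raise ValueError("ZONEMD RDATA shorter than the 6-octet fixed header")
    serial, scheme, hash_alg = struct.unpack("!IBB", rdata[:6])
    return serial, scheme, hash_alg, rdata[6:]


def check_digest_length(hash_alg, digest):
    """Apply the Section 2.2.4 length rules.  Returns (accepted, reason)."""
    if len(digest) < MIN_DIGEST_OCTETS:
        return False, f"digest is {len(digest)} octets, minimum is {MIN_DIGEST_OCTETS}"
    if hash_alg in HASH_ALGS:
        name, _, full = HASH_ALGS[hash_alg]
        if len(digest) != full:
            return False, f"{name} digests are never truncated; expected {full} octets"
        return True, f"{name} digest at full length"
    # Unknown (future) algorithm: only the 12-octet floor is checkable here; the
    # "96 bits of equivalent strength" clause needs per-algorithm knowledge.
    return True, f"unknown algorithm {hash_alg}, {len(digest)} octets >= floor"


def verify_zonemd(rdata, zone_bytes):
    """Length rules first, then recompute the digest and compare in constant time."""
    _, _, hash_alg, digest = parse_zonemd_rdata(rdata)
    ok, reason = check_digest_length(hash_alg, digest)
    if not ok:
        return False, reason
    if hash_alg not in HASH_ALGS:
        return False, reason + " (cannot verify: algorithm not implemented)"
    expected = HASH_ALGS[hash_alg][1](zone_bytes).digest()
    return hmac.compare_digest(digest, expected), "digest recomputed and compared"


def digest_prefix(hash_alg, data, n_octets):
    """First n_octets of the digest, i.e. what a truncated Digest field carries."""
    return HASH_ALGS[hash_alg][1](data).digest()[:n_octets]


def second_preimage_for_truncated(zone_bytes, hash_alg, n_octets, max_tries=None):
    """Why a short Digest caps strength: find a different input whose digest
    shares the first n_octets.  Expected work is about 2**(8*n_octets) hashes,
    however strong the underlying hash is.  Returns (candidate, tries)."""
    target = digest_prefix(hash_alg, zone_bytes, n_octets)
    if max_tries is None:
        max_tries = 16 * 2 ** (8 * n_octets)       # failure odds about e**-16
    for i in range(max_tries):
        candidate = b"forged zone #%d" % i        # constructed attacker input
        if candidate != zone_bytes and digest_prefix(hash_alg, candidate, n_octets) == target:
            return candidate, i + 1
    return None, max_tries


if __name__ == "__main__":
    rd = build_zonemd_rdata(2020100901, 1, 1, SAMPLE_ZONE)
    print("full SHA384:", verify_zonemd(rd, SAMPLE_ZONE))
    print("SHA384 cut to 24:", verify_zonemd(
        build_zonemd_rdata(2020100901, 1, 1, SAMPLE_ZONE, truncate_to=24), SAMPLE_ZONE))
    print("alg 200, 11 octets:", check_digest_length(200, b"\x00" * 11))
    cand, tries = second_preimage_for_truncated(SAMPLE_ZONE, 1, 2)
    print(f"2-octet truncation defeated after {tries} hashes: {cand!r}")
```

The 2-octet search finishes in well under a second; every extra octet of Digest multiplies the work by 256, which is the whole reason the draft fixes a floor on the field length rather than on the algorithm alone.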