Hi Rob,

I'm not aware of any precise analysis supporting the 12 byte minimum size but I believe it is reasonable and in line with the lower end of the range of hash sizes typically standardized by the IETF these days.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com

On Fri, Oct 9, 2020 at 5:23 AM Rob Wilton (rwilton) <rwil...@cisco.com> wrote:
>
> Hi Donald,
>
> > -----Original Message-----
> > From: Donald Eastlake <d3e...@gmail.com>
> > Sent: 09 October 2020 00:47
> > To: Rob Wilton (rwilton) <rwil...@cisco.com>
> > Cc: The IESG <i...@ietf.org>; draft-ietf-dnsop-dns-zone-dig...@ietf.org;
> > Tim Wicinski <tjw.i...@gmail.com>; <dnsop@ietf.org> <dnsop@ietf.org>;
> > dnsop-cha...@ietf.org
> > Subject: Re: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-dns-
> > zone-digest-12: (with COMMENT)
> >
> > On Thu, Oct 8, 2020 at 7:18 AM Robert Wilton via Datatracker
> > <nore...@ietf.org> wrote:
> > > Robert Wilton has entered the following ballot position for
> > > draft-ietf-dnsop-dns-zone-digest-12: No Objection
> > >
> > > ...
> > >
> > > ----------------------------------------------------------------------
> > > COMMENT:
> > > ----------------------------------------------------------------------
> > >
> > > ...
> > >
> > > 2.2.4. The Digest Field
> > >
> > >    The Digest field MUST NOT be shorter than 12 octets. Digests for the
> > >    SHA384 and SHA512 hash algorithms specified herein are never
> > >    truncated. Digests for future hash algorithms MAY be truncated, but
> > >    MUST NOT be truncated to a length that results in less than 96-bits
> > >    (12 octets) of equivalent strength.
> > >
> > > When I read this, I wonder why the limit of 12 bytes was chosen. Possibly a
> > > sentence that justifies why this value was chosen might be useful, noting that
> > > the two suggested algorithms have significantly longer digests.
> >
> > To me, the purpose of the limit is to establish a minimum strength
> > against brute force attacks. Of course, the hash algorithm also has to
> > be strong but the length of the Digest field puts a sharp limit on the
> > strength of a ZONEMD.
> [RW]
> I absolutely agree on specifying a minimum value. My question is how was the
> minimum length of "12 bytes" chosen? Is there some analysis performed that
> indicates that this is the right minimal value, or is this just a "12 bytes
> sounds like enough"?
>
> Regards,
> Rob
>
> > Note that for the same reason there is a similar provision from 2006
> > in RFC 4635, Section 3.1, point 4, which sets a minimum size of 10
> > bytes for the hashes that appear in TSIG RRs.
> >
> > Thanks,
> > Donald
> > ===============================
> >  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> >  2386 Panoramic Circle, Apopka, FL 32703 USA
> >  d3e...@gmail.com
> >
> > > ...
> > >
> > > Regards,
> > > Rob

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
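The Digest-field length rule discussed in the thread (Section 2.2.4 of the zone-digest draft: never shorter than 12 octets, SHA384/SHA512 never truncated, future algorithms truncatable only down to 96 bits of strength) is something a ZONEMD verifier has to enforce before it even computes a hash. The following is an added example, not code from the draft, the thread, or any ZONEMD implementation: it parses ZONEMD RDATA in wire form and applies exactly that rule. The hash-algorithm code points it uses (1 = SHA384, 2 = SHA512) are the values registered for ZONEMD in RFC 8976; the code point 240 used for the "future algorithm" case is taken from the registry's private-use range and is only a stand-in, and the zone bytes hashed are a constructed placeholder rather than a real canonical zone.

```python
"""Enforce the ZONEMD Digest-field length rule (Section 2.2.4) on RDATA.

Added example; not part of the draft, the mailing-list thread, or any
ZONEMD implementation. Hash-algorithm code points 1 (SHA384) and 2
(SHA512) are those registered for ZONEMD in RFC 8976.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional

MIN_DIGEST_OCTETS = 12  # 96 bits: the floor from Section 2.2.4

# Registered algorithms that the draft says are "never truncated":
# code point -> (name, native digest length in octets).
UNTRUNCATABLE = {
    1: ("SHA384", hashlib.sha384().digest_size),  # 48 octets
    2: ("SHA512", hashlib.sha512().digest_size),  # 64 octets
}


@dataclass
class ZoneMD:
    serial: int
    scheme: int
    hash_alg: int
    digest: bytes


def parse_zonemd_rdata(rdata: bytes) -> ZoneMD:
    """Split ZONEMD RDATA wire format: Serial(4) Scheme(1) HashAlg(1) Digest(*)."""
    if len(rdata) < 6:
        raise ValueError("ZONEMD RDATA too short for the fixed fields")
    serial, scheme, hash_alg = struct.unpack("!IBB", rdata[:6])
    return ZoneMD(serial, scheme, hash_alg, rdata[6:])


def digest_length_problem(zmd: ZoneMD) -> Optional[str]:
    """Return None if the Digest field length is acceptable, else the reason.

    Applies the three clauses of Section 2.2.4: the 12-octet floor, the
    no-truncation rule for SHA384/SHA512, and the floor-only rule for
    algorithms this verifier does not know.
    """
    n = len(zmd.digest)
    if n < MIN_DIGEST_OCTETS:
        return f"digest is {n} octets, below the {MIN_DIGEST_OCTETS}-octet minimum"
    if zmd.hash_alg in UNTRUNCATABLE:
        name, native = UNTRUNCATABLE[zmd.hash_alg]
        if n != native:
            return f"{name} digests are never truncated: expected {native} octets, got {n}"
    # Unknown/future algorithm: without knowing its native strength the
    # verifier can only enforce the 12-octet floor.
    return None


def brute_force_bits(digest_len_octets: int) -> int:
    """Work bound implied by the field length alone: roughly 2^(8*len)
    trials to hit a given digest value, whatever hash is behind it. This is
    the 'sharp limit' the thread refers to."""
    return 8 * digest_len_octets


def build_rdata(serial: int, scheme: int, hash_alg: int, digest: bytes) -> bytes:
    """Assemble ZONEMD RDATA wire format (inverse of parse_zonemd_rdata)."""
    return struct.pack("!IBB", serial, scheme, hash_alg) + digest


# Constructed sample input: a stand-in for the canonical zone bytes that a
# real implementation would hash (sorted, wire-format RRs).
SAMPLE_ZONE_BYTES = b"example. 3600 IN SOA ... (constructed stand-in)"
FULL_SHA384 = hashlib.sha384(SAMPLE_ZONE_BYTES).digest()

GOOD_RDATA = build_rdata(2020100901, 1, 1, FULL_SHA384)            # accepted
TRUNCATED_SHA384 = build_rdata(2020100901, 1, 1, FULL_SHA384[:12])  # rejected: SHA384 truncated
TOO_SHORT_FUTURE = build_rdata(2020100901, 1, 240, b"\x00" * 8)     # rejected: below 12 octets
OK_FUTURE = build_rdata(2020100901, 1, 240, b"\x00" * 16)           # accepted: unknown alg, >= 12

if __name__ == "__main__":
    for label, rd in [("full SHA384", GOOD_RDATA), ("truncated SHA384", TRUNCATED_SHA384),
                      ("8-octet future alg", TOO_SHORT_FUTURE), ("16-octet future alg", OK_FUTURE)]:
        zmd = parse_zonemd_rdata(rd)
        verdict = digest_length_problem(zmd) or "ok"
        print(f"{label}: {verdict}; field length bounds strength at "
              f"{brute_force_bits(len(zmd.digest))} bits")
```

The length check is deliberately separate from the hash computation: a verifier should reject a malformed or truncated Digest field before spending time canonicalizing and hashing the zone, and the "unknown algorithm" branch shows why the 12-octet floor matters, since it is the only strength bound a verifier can apply to an algorithm it has never heard of.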