[cabfpub] SHA-1 Collision Found

Adam Langley agl at google.com
Fri Feb 24 20:11:25 UTC 2017

On Fri, Feb 24, 2017 at 12:03 PM, Rob Stradling <rob.stradling at comodo.com> wrote:

> Hi Adam.  I agree that having more options just for the sake of having
> more options isn't actually helpful.  Enough options to achieve sufficient
> diversity is enough.
> How much do we care about NIST's blessing these days?

(Much, much less than a decade ago?)

> EdDSA/Curve25519/etc isn't a NIST product.


> Is there a case for using BLAKE2 for certificate signatures _instead_ of
> using SHA-3?
> Performance does matter for other uses of hash algorithms, so why not
> settle on using BLAKE2 for everything (and not implement SHA-3 at all)?

Frankly, I'm up for it :) But the bulk of this work isn't getting browsers
to support something, it's getting the long-tail of devices to support
something and the pressure that we'll have to exert to make it happen. They
might get more upset at BLAKE2 than something with a NIST stamp on it.

(Although, I was just about to note that they often use OpenSSL and OpenSSL
surely will support SHA-3 before BLAKE2. But it appears I'm wrong and
OpenSSL has had BLAKE2 for nine months and still lacks SHA-3?)

