From: Benjamin Kaduk
Date: Wed, 20 Jun 2018 08:33:33 -0500
Subject: Re: svn commit: r335402 - head/sbin/veriexecctl
To: "Simon J. Gerraty"
Cc: "cem@FreeBSD.org", svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers, "Stephen J. Kiernan"
In-Reply-To: <96021.1529475664@kaos.jnpr.net>
References: <201806200108.w5K18sIR050132@repo.freebsd.org> <96021.1529475664@kaos.jnpr.net>
List-Id: SVN commit messages for the src tree for head/-current

On Wed, Jun 20, 2018 at 1:21 AM, Simon J. Gerraty wrote:

> Conrad Meyer wrote:
>
> > There's absolutely no reason to use sha1 or ripemd in new designs.
> > These should be removed.
>
> Sorry I disagree - not with ripemd (we never supported that or any of the
> non-NIST approved hashes), but sha1 is still approved by NIST for
> firmware integrity checks - which is what this is, and sha1 is cheaper
> than sha256.
>
> As I mentioned in my talk we've included support for sha256 for 10+
> years, but do not plan to drop sha1 until NIST deprecate it for that
> purpose since boot time is a very sensitive subject for us.
>

With all due respect, NIST is hardly the sole authority on this topic.
Over in the IETF, we have the SUIT working group that is even considering
hash-based signatures for firmware updates for post-quantum resistance (so
that devices shipped now that have 20-year lifecycles can have some
expectation of retaining the ability to securely take updates over that
lifecycle, admittedly). With my IETF Security Area Director hat on, any
greenfield proposal coming in to the IESG that included sha1 support would
get extremely strong pushback, and I don't expect that "reducing boot time"
would be seen as sufficiently compelling.

-Ben