Re: Removing SHA-224 from Ryan Sleevi on 2014-02-13 (public-webcrypto@w3.org from February 2014)

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 13 Feb 2014 09:07:48 -0800
To: Daniel McDonald <daniel@cx.com>
Cc: Richard Barnes <rbarnes@mozilla.com>, Alexey Proskuryakov <ap@webkit.org>, Harry Halpin <hhalpin@w3.org>, Israel Hilerio <israelh@microsoft.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CACvaWvYoGwb3xGzBuspQQzSvQjg4aBK6iFLyo5Nu-xWQDswoJA@mail.gmail.com>

On Feb 13, 2014 7:57 AM, "Daniel McDonald" <daniel@cx.com> wrote:
>
> FYI Java 8 is adding support for SHA-224: http://openjdk.java.net/jeps/130
>
> --
> Dan
>
>

It appears they are doing so absent use-cases or compelling reason, and
merely doing it for completion sake.

I would like to avoid that, if possible.

> On Thu, Feb 13, 2014 at 3:19 AM, Harry Halpin <hhalpin@w3.org> wrote:
>>
>> On 02/13/2014 06:28 AM, Ryan Sleevi wrote:
>>>
>>> Are there any objections for removing SHA-224?
>>>
>>> I note, for example, that Microsoft has chosen not to implement
SHA-224. It provides less security as SHA-256, but at the same performance
cost.
>>>
>>> I'm trying to think of a compelling reason for implementors to
implement SHA-224, and I can't find one, other than for completion sake. Do
we have any use cases for it?
>>>
>>
>> I was always under the impression that implementing less secure
primitives was only to be justified by real-world use-cases, not
completeness. Thus, I support the editor's removal of SHA-224.
>>
>>   cheers,
>>      harry
>>
>>
>>
>
>
>
> --
>
> daniel g. mcdonald | software engineer | cx, inc.
> (m) 480.326.4574
> skype: daniel.g.mcdonald | daniel@cx.com | www.cx.com

Received on Thursday, 13 February 2014 17:08:26 UTC