BOF Goals

In my involvement with IETF groups, one thing that has always struck me  
as a good thing is its decisions to stick to well-defined, practical  
matters. Furthermore, these have been more in layout than anything  
else. We don't like APIs, we like message transactions. Even when we  
venture into advice, it's always actionable, meaning that there are  
specific things that a practitioner can do. These preferences are  
positively cliché, none of us needs to read the words "rough consensus  
and working code" -- we've already been humming that tune in our heads.

It's therefore a bit unusual for me to ask one of my own cliché  
questions: What problem are we trying to solve? and have that be both  
genuine and backed with my own puzzlement. I don't know what we are  
doing, expect, plan, or even hope.

Yes, cryptographic engineering is in the uncomfortable situation  
presently that we're staring at embarrassing surprises with our present  
suite of hash functions. But the present-day workarounds are clear; we  
have hash functions that are good enough for the short and medium-term  
future. We also know that some uses of the present hash functions work  
just fine, thank you. (HMAC-MD5 springs to mind.)

As it has been stated, there are two problems we're looking at:

(1) truncating existing wide hashes for use in systems like DSA.

(2) to explore "randomized" hashes.

The first one is pretty easy to deal with, in the general case. We  
already addressed this in OpenPGP.