Re: Problem and errors with XML Encryption standard using ECDH and ConcatKDF key derivation function from Anders Rundgren on 2019-03-25 (public-web-security@w3.org from March 2019)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 25 Mar 2019 12:21:25 +0100
To: Stefan Santesson <stefan@aaa-sec.com>
Cc: public-web-security@w3.org
Message-ID: <CADEL5zvNNbaTzNZhw9phvQ_wPWMWS+1g3AJ2NGp-w3sBKnDWAA@mail.gmail.com>

Hi Stefan, JWE refer to the same NIST and it is heavily used with ECDH.  I
would take a peek into that.
anders@ietf-104

On Mon, 25 Mar 2019, 12:06 Stefan Santesson, <stefan@aaa-sec.com> wrote:

> I would like to clarify in short form what I’m asking for:
>
>
>
>    1. To have a clear understanding of the correct way to signal null
>    data in a parameter
>       1. “00” as in the example of ApplicationID in section 5.6.4
>       2. “” as in the example of PartyUinfo in section 5.6.4
>       3. “0800” as some have interpreted it reading section 5.4.1
>    2. Would it be OK to require implementations to only provide octets of
>    data (allow no padding bits) to allow interop with implementations not able
>    to handle arbitrary bitstring length?
>    3. Is there any reference implementations to test compliance against?
>    Or is there any implementations at all of ECDH encryption with XML sec?
>
>
>
> Again, thanks for any help.
>
>
>
> Stefan Santesson
>

Received on Monday, 25 March 2019 11:21:59 UTC