W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008

[widgets] Digital Signatures questions for discussion

From: David Rogers <david.rogers@omtp.org>
Date: Fri, 14 Nov 2008 15:58:58 -0000
Message-ID: <4C83800CE03F754ABA6BA928A6D94A060174476C@exch-be14.exchange.local>
To: <public-webapps@w3.org>
Dear all,

 

In Mark Priestley's absence, he has asked me to forward these questions
for discussion within WebApps, with the intention of this group
submitting  to the XML Digital Signatures group. These questions are in
response to the discussions at TPAC:

 

1. While it is recognised that there is a broad move to elliptic curve
techniques, please can you provide an explanation for your
recommendation that DSA should not be supported even with 2048 bit keys?


 

Note: We are aware that there is no published specification describing
the use of DSA with key lengths over 1024 but there is a NIST draft[1]
(publication process due to start before the end of the year). It has
also been noted that there are concerns around licensing on elliptic
curve technologies. 

 

2. Please can you explain in more detail how you would propose to use
the profile element?

 

3. Similarly, please can you explain how the addition of the timestamp
would help with the revocation process? We assume that you require the
timestamp to come from a Trusted Timestamp Authority

 

[1]
http://csrc.nist.gov/publications/drafts/fips_186-3/Draft-FIPS-186-3%20_
March2006.pdf 

 

 

Thanks,

 

 

David.

 

David Rogers
OMTP Director of External Relations 
Received on Friday, 14 November 2008 15:59:36 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:28 GMT