W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

RE: [widget-digsig] Pls review: Additional considerations on elliptic curve algorithms to consider

From: Priestley, Mark, VF-Group <Mark.Priestley@vodafone.com>
Date: Thu, 23 Apr 2009 09:31:43 +0200
Message-ID: <0BE18111593D8A419BE79891F6C4690902DA5E94@EITO-MBX01.internal.vodafone.com>
To: "Frederick Hirsch" <frederick.hirsch@nokia.com>, "Web Applications Working Group WG" <public-webapps@w3.org>
Cc: "Babbage, Steve, VF-Group" <Steve.Babbage@vodafone.com>
Hi Frederick, All,

Vodafone supports the move to support ECDSA in XML Signature 1.1 [2] and
welcomes the new clarifying text. Vodafone will not object to
ECDSAwithSHA256 being specified as mandatory [2] however we would like
to propose that it is a recommended algorithm in Widgets 1.0: Digital
Signatures [5] (e.g. a SHOULD).

Regards,

Mark
     

-----Original Message-----
From: public-webapps-request@w3.org
[mailto:public-webapps-request@w3.org] On Behalf Of Frederick Hirsch
Sent: 08 April 2009 11:30
To: Web Applications Working Group WG
Cc: Frederick Hirsch
Subject: [widget-digsig] Pls review: Additional considerations on
elliptic curve algorithms to consider

The XML Security WG would like to refine the question about the   
suitability of elliptic curve as a mandatory to implement algorithm   
for XML Signature 1.1 by highlighting that the  scope of elliptic   
curve is greatly limited in what is proposed to be mandatory in XML   
Signature 1.1.

As T-Mobile pointed out previously in their comments [1], the specific
curve being used in an instance of ECDSA is important and there are a  
few sets of well-known ("named") curves that have been standardized.   
The P-256, P-384 and P-521 curves are three of the five NIST-defined
prime curves.

Since the publication of the First Public Working Draft of XML   
Signature 1.1, the following clarifying text was added by the XML
Security WG to  the end of section 6.4.3 of XML Signature 1.1 [2]:

"This specification REQUIRES implementations to support the   
ECDSAwithSHA256 signature algorithm, which is ECDSA over the P-256   
prime curve specified in Section D.2.3 of FIPS 186-3 [FIPS186-3] (and   
using the SHA-256 hash algorithm). It is further RECOMMENDED that   
implementations also support ECDSA over the P-384 and P-521 prime   
curves; these curves are defined in Sections D.2.4 and D.2.5 of FIPS   
186-3, respectively."

It is important to realize  that by reducing the scope of the   
requirement to a specific curve that this should simplify evaluation    
of whether it is desirable to make this  mandatory to implement.

The XML Security WG would also like to note the importance of this   
algorithm to US Government customers, as evidenced by their adoption   
of Suite B [3]. This is reflected in the XML Security WG Use Cases and
Requirements document in section 3.5.2.3 [4].

These considerations can also apply to the decision of which    
algorithms should be required in Widget Signature.

Please share this additional information in your organization and   
indicate if it would cause any change in position regarding the   
mandatory to implement algorithms.

Thank you

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG


[1]
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0842.html

[2]
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-Si
gnatureAlg

[3] Fact Sheet NSA Suite B Cryptography,
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

[4] http://www.w3.org/TR/2009/WD-xmlsec-reqs-20090226/#algorithm-suiteb

[5] http://dev.w3.org/2006/waf/widgets-digsig/
Received on Thursday, 23 April 2009 07:32:38 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT