[widgets] Ben Laurie on OpenSSL algorithms (and Elliptic Curve) from Arthur Barstow on 2009-02-15 (public-webapps@w3.org from January to March 2009)

From: Arthur Barstow <Art.Barstow@nokia.com>
Date: Sun, 15 Feb 2009 10:30:17 -0500
To: public-webapps <public-webapps@w3.org>
Message-Id: <E71F8733-5DCE-42F7-8CF3-0DE5C224A44F@nokia.com>

With Ben Laurie's permission, below is an exchange regarding OpenSSL  
and its support for various algorithms.

-Regards, Art Barstow

Begin forwarded message:

> From: ext Ben Laurie <benl@google.com>
> Date: January 22, 2009 11:41:37 PM EST
> To: "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>
> Cc: "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>
> Subject: Re: OpenSSL algorithms (and Elliptic Curve)
>
> On Fri, Jan 23, 2009 at 3:54 AM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
>> Ben
>> I have a question related to OpenSSL that is relevant to the W3C  
>> Widgets
>> work in the Web Applications WG, as well as the W3C XML Security WG.
>>
>> It looks to me, looking at the Open SSL openssl-0.9.8j  
>> distribution, that
>> elliptic curve is included by default. Is that a correct  
>> interpretation?
>
> Yes, I believe so.
>
>> (I
>> assume this is the Sun contribution that was made earlier[1]?)
>> The README appears to be slightly out of date, and I was not able  
>> to find a
>> list of supported algorithms. Do you know if the following  
>> algorithms are
>> included in the latest OpenSSL release?
>
> I think so, but without checking the code I can't be sure, and I'm
> travelling right now. Except DSAwithSHA1, which has always been there.
> I thought (but I could be behind the times) that DSAwithSHA256 had not
> yet been standardised?
>
>> digest
>> SHA-256
>> mac
>> HMAC-SHA256
>> signature
>> RSAwithSHA256
>> ECDSAwithSHA256
>> DSAwithSHA1
>> DSAwithSHA256
>>
>> One reason I ask is that the W3C XML Security WG has 1.1 drafts of  
>> XML
>> Signature [2] and XML Encryption [3] that contain an algorithm  
>> update, and
>> I'd like to understand which of these are already in OpenSSL. This  
>> could
>> also impact widgets adoption.
>> Do you have any comment on the IPR status of elliptic curve as  
>> viewed by
>> OpenSSL?
>
> No, we try to avoid having views on IPR.
>
>> If you have any comment on the XML Signature 1.1 or XML Encryption  
>> 1.1
>> changes, please let me know.
>> Thanks
>> regards, Frederick
>> Frederick Hirsch
>> Nokia
>> [1] http://research.sun.com/projects/crypto/ 
>> FrequenlyAskedQuestions.html
>> [2] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/ 
>> Overview_diff.htm#sec-AlgID
>> [3] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/ 
>> Overview_diff.htm
>>

Received on Sunday, 15 February 2009 15:31:07 UTC