W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

RE: [widget-digsig] proposed change to 7.1, common constraints, for algorithms

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Thu, 19 Mar 2009 10:20:39 -0400
Message-Id: <003299D1-B1F0-4474-B7DC-AF1CC2466C42@nokia.com>
To: public-webapps@w3.org
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Mark Priestley <Mark.Priestley@vodafone.com>
Mark

I'll change the sentence to read

"The ds:Signature MUST be produced using a key of the recommended key  
length or stronger."

Probably should change term from "recommended key length" to "minimum  
key length".

Later when we update algorithms we probably should review whether we  
need key length defined for each algorithm but can defer for now.

Will this change of sentence work ?

Thanks

regards, Frederick

Frederick Hirsch
Nokia

(for some reason this message of yours did not reach my personal  
inbox, but it was on the list)

Hi Frederick, I agree with all of your changes with two comments. The  
sentence: "The Signature  MUST be produced using a key of the  
recommended key length <http://dev.w3.org/2006/waf/widgets-digsig/#recommended-key-length 
 > " is still problematic given that we allow (although discourage)  
key lengths less than the recommended key length, and probably don't  
want to rule out the use of longer keys. Suggest changing to: "The  
Signature SHOULD be produced using a key of the recommended key length  
<http://dev.w3.org/2006/waf/widgets-digsig/#recommended-key-length> .  
The Signature MUST comply with Signature method algorithm requirements  
in the Algorithms section of this document" I also think we need to  
link recommended key length to algorithms now we allow other  
algorithms to be used, ie if ECDSA is used it would be OK to use  
shorter keys. Thanks, Mark _
Received on Thursday, 19 March 2009 14:23:10 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT