Re: Please review: proposed FIPS reference changes for XML Signature, Second Edition from Juan Carlos Cruellas on 2008-03-19 (public-xmlsec-maintwg@w3.org from March 2008)

From: Juan Carlos Cruellas <cruellas@ac.upc.edu>
Date: Wed, 19 Mar 2008 11:03:06 +0100
CC: XMLSec XMLSec <public-xmlsec-maintwg@w3.org>
Message-ID: <47E0E4DA.1080105@ac.upc.edu>

These changes are also acceptable for UPC's implementation

Regards

Juan Carlos.
Sean Mullan escribió:
> 
> These changes are acceptable for Sun's implementation.
> 
> --Sean
> 
> Frederick Hirsch wrote:
>>
>> We have two issues related to the FIPS references in the XML Signature 
>> draft
>>
>> 1. We reference FIPS 186-2 for DSS, with a URI that doesn't exist any 
>> more:
>>
>>   http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-DSS
>>
>> Proposal is to update that link from:
>>
>>   http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf
>>
>> to:
>>
>>   http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
>>
>> The change notice section notes a restriction related to  the DSA 
>> modulus, and also changes related to random number generation.
>>
>> It is important that participants in the XML Signature, Second Edition 
>> WG indicate whether changing this reference is an issue (or not) for 
>> their implementations. Please send a message to the members list 
>> noting whether the reference change is acceptable or not.
>>
>> 2. We reference FIPS 180-1 for SHA-1:
>>
>>   http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-SHA-1
>>
>> (FIPS 180-1 is also linked from section 6.2.1.)
>>
>> The links we are using for 180-1 are no longer working, and FIPS 180-1 
>> has been superseded by FIPS 180-2 (with a change notice).
>>
>> The proposal is to change the normative reference for SHA-1 to FIPS 
>> 180-2.
>>
>>   
>> http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf 
>>
>>
>> The change here seems to be to add additional hash algorithms which 
>> would not impact XML Signature, Second Edition.
>>
>> (It appears as though a FIPS 180-3 is scheduled for publication some 
>> time soon, which would in turn supersede 180-2.
>> http://csrc.nist.gov/publications/drafts/fips_180-3/draft_fips-180-3_June-08-2007.pdf 
>> )
>>
>> Please review these proposed changes  and post any suggestion or 
>> concern  on the public list (or for product/implementation 
>> acceptability or issues  on the members list). We would like to 
>> resolve this issue on the mailing lists this week if possible.
>>
>> Thanks
>>
>> regards, Frederick
>>
>> Frederick Hirsch, Nokia
>> Chair XML Security Specifications Maintenance WG
>>
>>
>>
>

Received on Wednesday, 19 March 2008 10:03:40 UTC