W3C home > Mailing lists > Public > public-xmlsec-maintwg@w3.org > March 2008

Re: Please review: proposed FIPS reference changes for XML Signature, Second Edition

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Thu, 20 Mar 2008 08:15:48 +0100
Message-ID: <47E20F24.4060503@iaik.tugraz.at>
To: public-xmlsec-maintwg@w3.org
These changes are also acceptable for IAIK's implementation.

Regards
Konrad Lanz

Juan Carlos Cruellas wrote:
> These changes are also acceptable for UPC's implementation
>
> Regards
>
> Juan Carlos.
> Sean Mullan escribió:
>   
>> These changes are acceptable for Sun's implementation.
>>
>> --Sean
>>
>> Frederick Hirsch wrote:
>>     
>>> We have two issues related to the FIPS references in the XML Signature 
>>> draft
>>>
>>> 1. We reference FIPS 186-2 for DSS, with a URI that doesn't exist any 
>>> more:
>>>
>>>   http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-DSS
>>>
>>> Proposal is to update that link from:
>>>
>>>   http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf
>>>
>>> to:
>>>
>>>   http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
>>>
>>> The change notice section notes a restriction related to  the DSA 
>>> modulus, and also changes related to random number generation.
>>>
>>> It is important that participants in the XML Signature, Second Edition 
>>> WG indicate whether changing this reference is an issue (or not) for 
>>> their implementations. Please send a message to the members list 
>>> noting whether the reference change is acceptable or not.
>>>
>>> 2. We reference FIPS 180-1 for SHA-1:
>>>
>>>   http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-SHA-1
>>>
>>> (FIPS 180-1 is also linked from section 6.2.1.)
>>>
>>> The links we are using for 180-1 are no longer working, and FIPS 180-1 
>>> has been superseded by FIPS 180-2 (with a change notice).
>>>
>>> The proposal is to change the normative reference for SHA-1 to FIPS 
>>> 180-2.
>>>
>>>   
>>> http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf 
>>>
>>>
>>> The change here seems to be to add additional hash algorithms which 
>>> would not impact XML Signature, Second Edition.
>>>
>>> (It appears as though a FIPS 180-3 is scheduled for publication some 
>>> time soon, which would in turn supersede 180-2.
>>> http://csrc.nist.gov/publications/drafts/fips_180-3/draft_fips-180-3_June-08-2007.pdf 
>>> )
>>>
>>> Please review these proposed changes  and post any suggestion or 
>>> concern  on the public list (or for product/implementation 
>>> acceptability or issues  on the members list). We would like to 
>>> resolve this issue on the mailing lists this week if possible.
>>>
>>> Thanks
>>>
>>> regards, Frederick
>>>
>>> Frederick Hirsch, Nokia
>>> Chair XML Security Specifications Maintenance WG
>>>
>>>
>>>
>>>       
>
>
>   


-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm




Received on Thursday, 20 March 2008 07:16:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 March 2008 07:16:32 GMT