W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2008

Re: ISSUE-48 (DerivedKeyType): No support for derived keys in XML Dsig, XML Enc [Rqmts (XML Signature and Canonicalization V Next Requirements)]

From: Magnus Nyström <magnus@rsa.com>
Date: Thu, 28 Aug 2008 16:38:20 +0200 (W. Europe Daylight Time)
To: Thomas Roessler <tlr@w3.org>
cc: XML Security Working Group Issue Tracker <sysbot+tracker@w3.org>, public-xmlsec@w3.org
Message-ID: <Pine.WNT.4.64.0808281636300.7068@W-JNISBETTEST-1.tablus.com>

Agreed; the current version indicates that only Signature and 
Canonicalization design and requirements are in scope which caused me to 
wonder whether this would be the right document for this issue. It seems 
to me the scope of this document should be broadened a bit.

-- Magnus

On Thu, 28 Aug 2008, Thomas Roessler wrote:

>
> On 2008-08-28 12:09:47 +0000, XML Security Working Group Issue Tracker wrote:
>
>> Neither XML DSig or XML Enc supports the concept of derived keys.
>>
>> There are several cases when this lack of support is an issue. For
>> example, when encryption or message authentication is based on
>> passwords. Another example is when a master key is all that is shared
>> between communicating parties and avoidance of using this master key
>> for direct protection is desired.
>>
>> A separate email will provide an analysis of the use of derived
>> keys in some existing WS * specifications, and compare the
>> functionality in those specification with an alternative, based
>> on a set of requirements.
>
> On an editorial note, it strikes me that it might be useful to have
> a section on algorithm and keying requirements in the requirements
> and design document, encompassing both Encryption and Signature.
>
>
Received on Thursday, 28 August 2008 14:41:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT