W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

Re: comments on algorithms draft

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Wed, 11 Feb 2009 08:13:05 -0500
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <46EFB24D-A3E5-4067-8EBA-82095F0528E5@nokia.com>
To: ext Thomas Roessler <tlr@w3.org>

I think it is useful to call out explicitly which are optional -  
otherwise a mistake will not be noted when it is an omission.

regards, Frederick

Frederick Hirsch
Nokia



On Feb 10, 2009, at 6:44 PM, ext Thomas Roessler wrote:

> Hi Frederick,
>
> thanks for going through this with a fresh pair of eyes.
>
> The changes you propose seem to fall into three categories:
>
> - editorial changes (I got a link or a heading wrong, I forgot a link
> [and I thought I had done the links for the block algorithms...
> sorry], I referenced the wrong spec, and so on)
>
> - calling out recommended status of algorithms
>
> - calling out what specs mention which algorithm as optional to
> implement.
>
> I'll be happy to make the first two classes of changes.
>
> However, I'd prefer to generally not keep track of which spec has
> which algorithm as optional, simply because that's the overall
> default.  (We could be explicit about that default, though.)
>
> The one exception is the DH key agreement algorithm, since it's the
> only algorithm of its kind that's specified (at this point), and
> nevertheless optional.  Usually, we have at least one mandatory to
> implement algorithm per feature.
>
> Likewise, I do not think that the Signature 1.1 needs to include every
> algorithm that's in the Note.
>
> --
> Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
>
>
>
>
> On 10 Feb 2009, at 23:43, Frederick Hirsch wrote:
>
>>
>> Comments on algorithms draft [1]. I propose we make these changes
>> before First Public Working Draft.
>>
>> (1) 1st  paragraph in section 3
>> Replace "(again, and octet-stream)" with "(an octet stream that is
>> base64 encoded as noted in Section 4.2 of XML SIgnature)"
>>
>> (2) Section 3.2
>> Replace "various variants" with "variants"
>>
>> (3) Section 3.2, RSA-SHA256
>> remove references to dsig and 2nd edition, not applicable in this  
>> case
>>
>> (4) Section 3.2 RSA-SHA384, RSA-SHA512
>>
>> For each, add note:
>> "This algorithm is under consideration as an optional to implement
>> algorithm for a future version of XML Signature."
>>
>> (5) Section 3.2 RSA-RIPEMD160
>>
>> This algorithm is not mentioned in the XML Signature 1.1 draft. An
>> issue?
>>
>> (6) Section 3.3 ECDSA-SHA224
>>
>> This algorithm is not mentioned in the XML Signature 1.1 draft. An
>> issue?
>>
>> (7) section 3.3 ECDSAwithSHA384
>>
>> replace second ECDSAwithSHA384 with ECDSAwithSHA512
>>
>> (8) section 3.3 ECDSA-SHA1, ECDSAwithSHA384, ECDSAwithSHA512
>>
>> for each, add note:
>> "This algorithm is under consideration as an optional to implement
>> algorithm for a future version of XML Signature."
>>
>> (9) Section 3.4 HMAC-SHA256
>>
>> Add
>> "This algorithm is under consideration as a recommended to implement
>> algorithm for a future version of XML Signature."
>>
>> (9) Section 3.4 HMAC-SHA384, HMAC-SHA512
>>
>> For each, add
>> "This algorithm is under consideration as an optional to implement
>> algorithm for a future version of XML Signature."
>>
>> (10) Section 3.4 HMAC-RIPEMD160
>>
>> This algorithm is not mentioned in the XML Signature 1.1 draft. An
>> issue?
>>
>> (11) Section 4.2 SHA-224
>>
>> This algorithm is not mentioned in the XML Signature 1.1 draft. An
>> issue?
>>
>> (12)  Section 4.2 SHA-256
>>
>> Remove xml signature and 2nd edition references.
>>
>> (13) Section 4.2 SHA-384, SHA-512
>>
>> For each, add
>> "This algorithm is under consideration as an optional to implement
>> algorithm for a future version of XML Signature."
>>
>> (14) 4.3 RIPEMD-160
>>
>> Add note:
>> "This algorithm is listed as optional to implement in XML Encryption
>> in section 5.7.4.
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RIPEMD-160
>> "
>>
>> (15) 5.1 Triple DES (CBC mode)
>> add section and specific link for section:
>>
>> Section 5.2.1
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-tripledes-cbc
>>
>> (16) 5.1 AES-128 (CBC mode)
>> add section and specific link for section:
>>
>> Section 5.2.2
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES
>>
>> (17) 5.1 AES-192 (CBC mode)
>> add section and specific link for section:
>>
>> Section 5.2.2
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES
>>
>> Add note
>> This algorithm is optional to implement in [XMLENC].
>>
>>
>> (18) 5.1 AES-256 (CBC mode)
>> add section and specific link for section:
>>
>> Section 5.2.2
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES
>>
>> Add note
>> This algorithm is optional to implement in [XMLENC].
>>
>> (19) Section 6, RSA-v1.5
>> add section and specific link for section:
>>
>> Section 5.4.1
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec- 
>> RSA-1_5
>>
>> (20) Section 6, RSA-OAEP
>> add section and specific link for section:
>>
>> Section 5.4.2
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RSA-
>> OAEP
>>
>> Add note
>> This algorithm is optional to implement in [XMLENC].
>>
>> (21) Section 7, Diffie Hellman
>> add section and specific link for section:
>>
>> Section 5.5.1
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-DHKeyValue
>>
>> (22) Section 8, CMS Triple-DES Key Wrap
>> add section and specific link for section:
>>
>> Section 5.6.2
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-tripledes
>>
>> (23) Section 8, AES Key Wrap 128
>> add section and specific link for section:
>>
>> Section 5.6.3
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes
>>
>> (24) Section 8, AES Key Wrap 192
>> add section and specific link for section:
>>
>> Section 5.6.3
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes
>>
>> Add note
>> This algorithm is optional to implement in [XMLENC].
>>
>> (25) Section 8, ES Key Wrap 256
>> add section and specific link for section:
>>
>> Section 5.6.3
>> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>> [1] http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html#sec-ripemd160
>>
>
Received on Wednesday, 11 February 2009 13:13:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT