W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

RE: ACTION-219: ECPointType

From: Brian LaMacchia <bal@exchange.microsoft.com>
Date: Fri, 20 Feb 2009 14:16:47 -0800
To: Thomas Roessler <tlr@w3.org>
CC: XMLSec WG Public List <public-xmlsec@w3.org>
Message-ID: <7684468BFDC4704884E4688E5CD105058B7E3CB31E@df-whippet-msg.exchange.corp.microsoft.com>
I'd be OK with either of these alternatives; the current design follows the layout in X9.62-2005 and draft 1.7 of SEC-1.  Earlier versions of those specs had the seed but not the hash algorithm identifier, so I suspect the hash was put at the end of the ASN.1 structure so as not to break back-compat.  We don't have that problem here, so we're free to change the format as we see fit.

					--bal

-----Original Message-----
From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org] On Behalf Of Thomas Roessler
Sent: Friday, February 20, 2009 10:54 PM
To: Brian LaMacchia
Cc: XMLSec WG Public List
Subject: Re: ACTION-219: ECPointType

On 20 Feb 2009, at 22:49, Brian LaMacchia wrote:

>  The Hash element is an optional element that specifies the hash  
> algorithm used to generate the
>  elliptic curve E and/or base point G verifiably at random.  If the  
> Hash element is present then the
>  optional Seed element in the Curve element must also be present.
>
> COMMENT 1: I added the second sentence that if you specify the Hash  
> element you must also specify the Seed element, because the Hash  
> element doesn't make sense without the Seed element (they get used  
> together to verify the curve was generated randomly)

It would seem more in line with the overall style of XML Signature to  
put the hash algorithm into an attribute, and the Seed into a child of  
Hash.  Having the two of them as siblings makes some sense when there  
is a default hash algorithm specified.

So, I'd suggest something like this:

   <Hash Algorithm="http://...">
	<Seed>asdfasdf</Seed>
   </Hash>

... instead of the current approach.

Does this make sense, or am I missing something?

Or would something like...

   <Seed Algorithm="http://...">asdfasdf</Seed>

make more sense?
Received on Friday, 20 February 2009 22:17:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT