W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

Re: ACTION-219: ECPointType

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 20 Feb 2009 23:29:40 +0100
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <BAB1180B-A00D-43E0-9E52-609BD0D410F8@w3.org>
Cc: ext Brian LaMacchia <bal@exchange.microsoft.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Brian noted that he just implemented what Magnus had proposed.  I  
suggest that we leave things as they are for the moment and give  
Magnus a chance -- his autoresponder claims that he'll be back on  
Monday.

(I'll probably take care of most of the publication preparations over  
the week-end, but see no problem delaying dsig-core till Monday.)

--
Thomas Roessler, W3C  <tlr@w3.org>







On 20 Feb 2009, at 23:26, Frederick Hirsch wrote:

>> <Hash Algorithm="http://...">
>>       <Seed>asdfasdf</Seed>
>  </Hash>
>
> seems much clearer than
>> <Seed Algorithm="http://...">asdfasdf</Seed>
>
>
> So I'd argue against the second choice.
>
> Regarding the Hash element, it seems reasonable, but would it  
> introduce any confusion to those familiar with the ASN.1 and looking  
> for similarity? I'd suggest not if we have the appropriate text in  
> the document.
>
> Presumably there are no compelling reasons for keeping the two  
> separate?
>
> Should we make this change now so that review reflects where we  
> expect to end up?
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
> On Feb 20, 2009, at 5:16 PM, ext Brian LaMacchia wrote:
>
>> I'd be OK with either of these alternatives; the current design  
>> follows the layout in X9.62-2005 and draft 1.7 of SEC-1.  Earlier  
>> versions of those specs had the seed but not the hash algorithm  
>> identifier, so I suspect the hash was put at the end of the ASN.1  
>> structure so as not to break back-compat.  We don't have that  
>> problem here, so we're free to change the format as we see fit.
>>
>>                                       --bal
>>
>> -----Original Message-----
>> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org 
>> ] On Behalf Of Thomas Roessler
>> Sent: Friday, February 20, 2009 10:54 PM
>> To: Brian LaMacchia
>> Cc: XMLSec WG Public List
>> Subject: Re: ACTION-219: ECPointType
>>
>> On 20 Feb 2009, at 22:49, Brian LaMacchia wrote:
>>
>>> The Hash element is an optional element that specifies the hash
>>> algorithm used to generate the
>>> elliptic curve E and/or base point G verifiably at random.  If the
>>> Hash element is present then the
>>> optional Seed element in the Curve element must also be present.
>>>
>>> COMMENT 1: I added the second sentence that if you specify the Hash
>>> element you must also specify the Seed element, because the Hash
>>> element doesn't make sense without the Seed element (they get used
>>> together to verify the curve was generated randomly)
>>
>> It would seem more in line with the overall style of XML Signature to
>> put the hash algorithm into an attribute, and the Seed into a child  
>> of
>> Hash.  Having the two of them as siblings makes some sense when there
>> is a default hash algorithm specified.
>>
>> So, I'd suggest something like this:
>>
>>  <Hash Algorithm="http://...">
>>       <Seed>asdfasdf</Seed>
>>  </Hash>
>>
>> ... instead of the current approach.
>>
>> Does this make sense, or am I missing something?
>>
>> Or would something like...
>>
>>  <Seed Algorithm="http://...">asdfasdf</Seed>
>>
>> make more sense?
>>
>>
>>
>>
>
Received on Friday, 20 February 2009 22:29:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT