W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

Re: ACTION-219: ECPointType

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Fri, 20 Feb 2009 17:33:17 -0500
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, ext Brian LaMacchia <bal@exchange.microsoft.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <E0083DA3-2963-45FD-8EB6-77BB64A0A1D6@nokia.com>
To: ext Thomas Roessler <tlr@w3.org>
Thanks. I was hoping Magnus and others could review either way, but  
this is better if possible.

regards, Frederick

Frederick Hirsch
Nokia



On Feb 20, 2009, at 5:29 PM, ext Thomas Roessler wrote:

> Brian noted that he just implemented what Magnus had proposed.  I
> suggest that we leave things as they are for the moment and give
> Magnus a chance -- his autoresponder claims that he'll be back on
> Monday.
>
> (I'll probably take care of most of the publication preparations over
> the week-end, but see no problem delaying dsig-core till Monday.)
>
> --
> Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
>
>
>
>
> On 20 Feb 2009, at 23:26, Frederick Hirsch wrote:
>
>>> <Hash Algorithm="http://...">
>>>      <Seed>asdfasdf</Seed>
>> </Hash>
>>
>> seems much clearer than
>>> <Seed Algorithm="http://...">asdfasdf</Seed>
>>
>>
>> So I'd argue against the second choice.
>>
>> Regarding the Hash element, it seems reasonable, but would it
>> introduce any confusion to those familiar with the ASN.1 and looking
>> for similarity? I'd suggest not if we have the appropriate text in
>> the document.
>>
>> Presumably there are no compelling reasons for keeping the two
>> separate?
>>
>> Should we make this change now so that review reflects where we
>> expect to end up?
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>> On Feb 20, 2009, at 5:16 PM, ext Brian LaMacchia wrote:
>>
>>> I'd be OK with either of these alternatives; the current design
>>> follows the layout in X9.62-2005 and draft 1.7 of SEC-1.  Earlier
>>> versions of those specs had the seed but not the hash algorithm
>>> identifier, so I suspect the hash was put at the end of the ASN.1
>>> structure so as not to break back-compat.  We don't have that
>>> problem here, so we're free to change the format as we see fit.
>>>
>>>                                      --bal
>>>
>>> -----Original Message-----
>>> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org
>>> ] On Behalf Of Thomas Roessler
>>> Sent: Friday, February 20, 2009 10:54 PM
>>> To: Brian LaMacchia
>>> Cc: XMLSec WG Public List
>>> Subject: Re: ACTION-219: ECPointType
>>>
>>> On 20 Feb 2009, at 22:49, Brian LaMacchia wrote:
>>>
>>>> The Hash element is an optional element that specifies the hash
>>>> algorithm used to generate the
>>>> elliptic curve E and/or base point G verifiably at random.  If the
>>>> Hash element is present then the
>>>> optional Seed element in the Curve element must also be present.
>>>>
>>>> COMMENT 1: I added the second sentence that if you specify the Hash
>>>> element you must also specify the Seed element, because the Hash
>>>> element doesn't make sense without the Seed element (they get used
>>>> together to verify the curve was generated randomly)
>>>
>>> It would seem more in line with the overall style of XML Signature  
>>> to
>>> put the hash algorithm into an attribute, and the Seed into a child
>>> of
>>> Hash.  Having the two of them as siblings makes some sense when  
>>> there
>>> is a default hash algorithm specified.
>>>
>>> So, I'd suggest something like this:
>>>
>>> <Hash Algorithm="http://...">
>>>      <Seed>asdfasdf</Seed>
>>> </Hash>
>>>
>>> ... instead of the current approach.
>>>
>>> Does this make sense, or am I missing something?
>>>
>>> Or would something like...
>>>
>>> <Seed Algorithm="http://...">asdfasdf</Seed>
>>>
>>> make more sense?
>>>
>>>
>>>
>>>
>>
>
Received on Friday, 20 February 2009 22:34:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT