Revisit MTI Key Agreement Algorithms in XML Encryption (ISSUE-103)

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 24 Feb 2009 21:40:45 +0100
Message-Id: <5E528979-A047-49F2-B824-533056131F58@w3.org>
To: XMLSec WG Public List <public-xmlsec@w3.org>

During discussion on the call today, Magnus noted that we have a bit
of a mess in the forthcoming FPWD for XML Encryption:

- Two key agreement algorithms are defined, Diffie-Hellman and EC D-H.
DH is optional (as it has always been), EC D-H is mandatory to
implement.

- However, there is no mandatory to implement curve for EC D-H.

The result is that (a) our *only* mandatory to implement algorithm is  
currently ECDH, (b) that still doesn't give us interoperability since  
we don't have an agreed curve, (c) the entire feature (which was  
optional before) now turns mandatory to implement.

I'm curious whether anybody here recalls why DH wasn't made mandatory  
in the original version of XML Encryption, and also wonder whether we  
shouldn't really have both key agreement algorithms as REQUIRED if  
ECDH is.

Thoughts?
--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Tuesday, 24 February 2009 20:40:55 GMT