
RE: Updated XML Encryption 1.1 and XML Signature 1.1 Editors Drafts

From: Edgar, Gerald <gerald.edgar@boeing.com>
Date: Thu, 22 Jan 2009 11:01:26 -0800
Message-ID: <DC298B2E18C4C6468BA017B020D393E208568F24@XCH-NW-3V1.nw.nos.boeing.com>
To: "XMLSec WG Public List" <public-xmlsec@w3.org>


While we reference much of what is in NSA Suite B, we do not reference
that set of algorithms directly.
(http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml)

The NSA uses references of 

Digital Signature:
Elliptic Curve Digital Signature Algorithm - FIPS 186-2
(using the curves with 256 and 384-bit prime moduli)
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf

Hashing:
Secure Hash Algorithm - FIPS 180-2
(using SHA-256 and SHA-384)
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

Do the references used in the drafts cover both of these?


We could also use the recommendations in "Suite B" for key lengths. To
rephrase what is there, we could say:
"Use of AES with 256-bit keys, the 384-bit prime modulus elliptic curve,
and SHA-384 provides a basis for a high level of information security."


Gerald Edgar, CISSP
Enterprise Architecture & Information Security
Received on Thursday, 22 January 2009 19:02:22 GMT
