
ACTION-319: Split DH Key agreement between new & legacy KDFs

From: Brian LaMacchia <bal@exchange.microsoft.com>
Date: Mon, 6 Jul 2009 17:28:49 +0000
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <03703CBF081F9E4CA49CF5FF131362E60D539F3A@DF-M14-05.exchange.corp.microsoft.com>

Folks,

I've committed revision 1.30 of xmlenc-core-11\Overview.htm, which includes text to resolve ACTION-319 for Diffie-Hellman.  Specifically, Section 5.6.2, Diffie-Hellman Key Agreement, now has two subsections:

5.6.2.1. Diffie-Hellman Key Agreement with new Key Derivation Functions
5.6.2.2. Diffie-Hellman Key Agreement with Legacy Key Derivation Function

5.6.2.2 has the "legacy KDF" that was defined for DH in XMLENC 1.0, and 5.6.2.1 is for use with the new standard elements for Key Derivation that Magnus introduced.  I made 5.6.2.1 say that it is RECOMMENDED that implementations use a new KDF in the standard format if doing DH, but if you implement DH you're REQUIRED to support the legacy format since it was defined in 1.0.  Also, the best/only way I could come up with to distinguish between legacy and new for DH is to key off the absence or presence of the KA-Nonce element (absence == new, presence == legacy).

I also put a placeholder in Section 5.6.2.1 for an example, since it seemed like a good idea to have one there.


--bal
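To illustrate the dispatch rule described in the message (absence of KA-Nonce means the new KDF subsection applies, presence means the legacy 1.0 KDF), here is an added example that is not part of the original post or of the XML Encryption specification. It assumes the 1.1 KeyDerivationMethod element lives in the namespace http://www.w3.org/2009/xmlenc11#; the two AgreementMethod fragments are constructed samples, and the check that both markers are never present at once is an added sanity check beyond the message's rule.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"   # assumed namespace of xenc11:KeyDerivationMethod
DH_URI = "http://www.w3.org/2001/04/xmlenc#dh"


def classify_dh_agreement(xml_text):
    """Return ('legacy', ka_nonce) or ('new', kdf_uri) for a DH xenc:AgreementMethod.

    Legacy (XMLENC 1.0) derivation is selected only by the presence of KA-Nonce;
    the new-style path is selected by its absence, as the message proposes.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{XENC}}}AgreementMethod":
        raise ValueError("not an xenc:AgreementMethod element")
    if root.get("Algorithm") != DH_URI:
        raise ValueError("not Diffie-Hellman key agreement")

    nonce = root.find(f"{{{XENC}}}KA-Nonce")
    kdm = root.find(f"{{{XENC11}}}KeyDerivationMethod")

    # Added sanity check: a sender mixing both markers is malformed, not legacy.
    if nonce is not None and kdm is not None:
        raise ValueError("ambiguous: both KA-Nonce and KeyDerivationMethod present")
    if nonce is not None:
        return ("legacy", (nonce.text or "").strip())   # legacy 1.0 KDF, nonce as base64 text
    if kdm is None:
        raise ValueError("new-style agreement without a KeyDerivationMethod")
    return ("new", kdm.get("Algorithm"))                # new standard KDF element


# Constructed sample: legacy form carrying a KA-Nonce.
LEGACY_SAMPLE = """<xenc:AgreementMethod xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
  <xenc:KA-Nonce>Zm9vYmFy</xenc:KA-Nonce>
  <xenc:OriginatorKeyInfo/>
  <xenc:RecipientKeyInfo/>
</xenc:AgreementMethod>"""

# Constructed sample: new form with no KA-Nonce and a KeyDerivationMethod child.
NEW_SAMPLE = """<xenc:AgreementMethod xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
    Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
  <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF"/>
  <xenc:OriginatorKeyInfo/>
  <xenc:RecipientKeyInfo/>
</xenc:AgreementMethod>"""

if __name__ == "__main__":
    print(classify_dh_agreement(LEGACY_SAMPLE))
    print(classify_dh_agreement(NEW_SAMPLE))
```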
Received on Monday, 6 July 2009 17:29:33 GMT