W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2009

Re: ACTION-142: New identifiers for new variants of DSA in FIPS 186-3

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 7 Jul 2009 08:02:28 +0200
To: Brian LaMacchia <bal@exchange.microsoft.com>
Message-Id: <1FD720CA-C002-4572-9DC7-3A0ACA959343@w3.org>
Cc: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Partially as a memo to myself, these also need to be merged into the  
algorithms xref note.
--
Thomas Roessler, W3C  <tlr@w3.org>






On 6 Jul 2009, at 19:18, Brian LaMacchia wrote:

> Folks,
>
> Iíve committed revision 1.73 of xmldsig-core-11\Overview.htm, which  
> includes text to resolve ACTION-142.  Specifically, now that FIPS  
> 186-3 is out defining DSAwithSHA224 and DSAwithSHA256, Iíve made the  
> following updates:
>
> In Section 6, define the identifier DSAwithSHA256 (http://www.w3.org/2009/xmldsig11#dsa-sha256 
> ) as an OPTIONAL signature algorithm.
>
> In Section 6.4.1, added DSAwithSHA256, updated the language in  
> paragraph 1 to describe the four variants of DSA, and updated the  
> Security Considerations section (there was a duplicate paragraph  
> there, among other problems).  (Cynthia, I made these changes before  
> seeing your comments Ė see if youíre OK with the new version or if I  
> need to update/revise.)
>
> In keeping with the way we did RSA, where we didnít put the key size  
> in the algorithm URI, I chose to do the same thing with DSA.  So the  
> intent is that the DSAwithSHA256 AlgID should be used for both 2048- 
> bit DSA and 3072-bit DSA with SHA-256.  Similarly, since we don't  
> use SHA-224 anywhere else in the XMLDSIG spec, I did not define a  
> corresponding DSAwithSHA224 (which would be 2048-bit keys &  
> SHA-224).  We can add that if people think itís necessary, but I  
> didnít see a compelling reason.
>
>                                                                                 --bal
>
Received on Tuesday, 7 July 2009 06:23:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:59 GMT