Re: Comments on the DSA changes

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Tue, 7 Jul 2009 16:50:36 -0400
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <8F0F55DF-4E0D-4702-8ECF-8A021E97D8D7@nokia.com>
To: ext Kelvin Yiu <kelviny@exchange.microsoft.com>
Kelvin

Have we addressed all of this comment adequately now?

We still mention 3072 bit keys but do not require them and it is in  
the nature of listing all the ones defined. Do you think we are ok  
now, or should we still consider removing mention of them?

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-DSA

regards, Frederick

Frederick Hirsch
Nokia



On Jun 16, 2009, at 11:36 AM, ext Kelvin Yiu wrote:

> FIPS 186-3 specifies that DSA can be used with SHA-1, SHA-224, and
> SHA-256 based on key sizes. I mis-read Frederick’s proposal and I
> think the revised text already addressed the issue with SHA-384 and
> SHA-512. However, there are a couple of issues that need to be
> addressed:
>
> 1. New URIs are needed for DSA with SHA-224 and SHA-256
> 2. There is a note in FIPS 186-3 at the end of section 4.2 (on
> page 16) that basically said a government entity other than a CA
> should use only 2048 bit and not 3072 bit. I am not sure if that is
> relevant other than perhaps not to make references to 3072 bit keys.
>
> Thoughts?
>
> Kelvin
>
Received on Tuesday, 7 July 2009 20:51:32 GMT
