- From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Date: Tue, 05 May 2009 16:45:20 +0200
- To: Thomas Roessler <tlr@w3.org>
- CC: Dieter Bratko <Dieter.Bratko@iaik.tugraz.at>, XMLSec WG Public List <public-xmlsec@w3.org>
- Message-ID: <4A005100.3040701@iaik.tugraz.at>

Hi Thomas,

please note that there are the normal and the plain variants (specified by BSI). We care about the normal variants, it would be however useful to specify the "plain" variants as well as such beasts exist.

Please find my proposed URIs below ...

http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160-plain
http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool
http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool-plain
http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool

Their specification follows here after:

Thomas Roessler wrote:
> Konrad, any news?

> On 29 Apr 2009, at 18:50, Thomas Roessler wrote:
>> So... If I get this correctly, then the things you want to have
>> added are:
>>
>> (a) ECDSA-RIPEMD160 -- this one was in draft-eastlake:
>> http://tools.ietf.org/html/draft-eastlake-additional-xmlsec-uris-00
>>
>> Is there any reason why the text used there (see section 2.3.6)
>> would be inadequate?

This text is perfectly fine for
http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 !

* Maybe the extra addition of
http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160-plain
would allow to disambiguate it from what is specified by the BSI:

>>> URI:
>>> http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160-plain
>>> Specified in:
>>> German BSI Technical Guideline TR-03111
>>> <http://www.bsi.bund.de/literat/tr/tr03111/BSI-TR-03111.pdf#page=27>
>>>
>>> Note: #ecdsa-ripemd160 identifies a signature method processed in
>>> the same way as specified by the #ecdsa-sha1. The signature value
>>> is however encoded as (r || s) and not wrapped into a SEQUENCE as
>>> done by X9.62. If the hash length is larger than the domain
>>> parameter length the hash is not truncated like in X9.62; rather
>>> it is reduced modulo n, the order of the base point G.

>> (b) ECDSA-WHIRLPOOL -- this one wasn't.
>>
>> Is there a URI for whirlpool that would be defined elsewhere, and
>> belongs in the cross-reference? Or do we need to coin one?

We have to coin some as far as I know as follows ...

>>> ECDSA-WHIRLPOOL

... and RSA-WHIRLPOOL !

URI:
http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool

The #ecdsa-whirlpool fragment identifies a signature method processed in the same way as specified by the #ecdsa-sha512 fragment with the exception that WHIRLPOOL is used instead of SHA-512.

>>> URI:
>>> http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool-plain
>>> Specified in:
>>> German BSI Technical Guideline TR-03111
>>> <http://www.bsi.bund.de/literat/tr/tr03111/BSI-TR-03111.pdf#page=27>
>>> cf. ecdsa-with-Specified where "Specified" is WHIRLPOOL.
>>>
>>> The #ecdsa-whirlpool-plain fragment identifies a signature method
>>> processed in the same way as specified by the
>>> #ecdsa-sha512 fragment with the exception that WHIRLPOOL is used
>>> instead of SHA-512. The signature value is however encoded as
>>> (r || s) and not wrapped into a SEQUENCE as done by X9.62. If the
>>> hash length is larger than the domain parameter length the hash is
>>> not truncated like in X9.62; rather it is reduced modulo n, the
>>> order of the base point G.

>>> 3.2 RSA
>>>
>>> RSA-WHIRLPOOL
>>> URI:
>>> http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool
>>> Specified like:
>>> RSA-SHA512 with the exception that WHIRLPOOL is used instead of
>>> SHA-512 the PKCS#1 v1.5 padding algorithm [RFC3447] as described
>>> in section 2.3.1 but with the ASN.1 BER WHIRLPOOL algorithm
>>> designator prefix is implied.

RSA doesn't have a "-plain" variant, because there is no (r || s).

regards
Konrad

--
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
http://www.iaik.tugraz.at/content/about_iaik/people/lanz_konrad/
http://jce.iaik.tugraz.at/sic/products/xml_security

Download certificate chain (including the EuroPKI root certificate):
http://ca.iaik.tugraz.at/capso/certs.jsp

Received on Tuesday, 5 May 2009 14:46:23 UTC
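
The two differences the message above draws between the SEQUENCE-wrapped and "-plain" ECDSA variants (signature encoding, and how an over-long digest becomes an integer), as an added example that is not part of the original message or of the W3C or BSI texts. The function names are hypothetical, the P-256 order is only a sample n, and the DER reader is a minimal one rather than a strict validator.

```python
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # assumption: sample n (NIST P-256 order)

def _tlv(tag, body):
    """Encode one DER tag-length-value (long-form length when body >= 128 bytes)."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def _read(buf, tag):
    """Read one TLV with the expected tag; return (body, remaining bytes)."""
    if len(buf) < 2 or buf[0] != tag:
        raise ValueError("unexpected tag")
    n, off = buf[1], 2
    if n & 0x80:
        k = n & 0x7F
        n, off = int.from_bytes(buf[2:2 + k], "big"), 2 + k
    if len(buf) < off + n:
        raise ValueError("truncated")
    return buf[off:off + n], buf[off + n:]

def plain_to_der(sig):
    """Fixed-width r || s -> DER SEQUENCE { INTEGER r, INTEGER s } (sign byte added as needed)."""
    if not sig or len(sig) % 2:
        raise ValueError("plain signature needs two equal-width halves")
    h = len(sig) // 2
    vals = (int.from_bytes(sig[:h], "big"), int.from_bytes(sig[h:], "big"))
    return _tlv(0x30, b"".join(_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in vals))

def der_to_plain(der, n=N):
    """DER SEQUENCE { r, s } -> r || s, each padded to the byte length of n."""
    seq, rest = _read(der, 0x30)
    r, seq = _read(seq, 0x02)
    s, seq = _read(seq, 0x02)
    if rest or seq:
        raise ValueError("trailing data")
    vals = [int.from_bytes(p, "big") for p in (r, s)]
    if any(not p or p[0] & 0x80 for p in (r, s)) or not all(0 < v < n for v in vals):
        raise ValueError("r or s out of range")
    return b"".join(v.to_bytes((n.bit_length() + 7) // 8, "big") for v in vals)

def hash_to_int_truncate(digest, n=N):
    """X9.62-style: keep only the leftmost bitlen(n) bits of the digest."""
    return int.from_bytes(digest, "big") >> max(0, len(digest) * 8 - n.bit_length())

def hash_to_int_mod_n(digest, n=N):
    """Rule the message gives for the -plain variants: reduce the digest modulo n."""
    return int.from_bytes(digest, "big") % n
```

A verifier that applies the wrong one of these conventions rejects otherwise valid signatures. The two hash rules only diverge when the digest is longer than n, for example a 512-bit digest with a 256-bit curve.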