W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2010

RE: ISSUE-186: What is the normative content of section 5.4.2? (PBKDF2) [Enc11 (XML Encryption 1.1)]

From: Magnus Nystrom <mnystrom@microsoft.com>
Date: Fri, 29 Jan 2010 05:35:15 +0000
To: XML Security Working Group WG <public-xmlsec@w3.org>
Message-ID: <D744D68428430B4F9C81DE8A4D5950680177D2@TK5EX14MBXW602.wingroup.windeploy.ntdev.microsoft.com>
I don't quite understand your concern here, Thomas. In my opinion, this section does define a profile of PKCS #5 v2.0 Amd.1 - it specifies requirements on certain elements and also explains how instances of types defined in the PKCS document is to be used within XMLENC 1.1. The algorithm is also clearly marked as optional.

And I don't see what difference it makes if the algorithm identifier is defined elsewhere? As long as it is clearly stated where the algorithm (and the XML schema) is defined I don't see why there should be confusion?

-- Magnus

> -----Original Message-----
> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-
> request@w3.org] On Behalf Of XML Security Working Group Issue Tracker
> Sent: Thursday, January 28, 2010 10:46 AM
> To: public-xmlsec@w3.org
> Subject: ISSUE-186: What is the normative content of section 5.4.2?
> (PBKDF2) [Enc11 (XML Encryption 1.1)]
> 
> 
> ISSUE-186: What is the normative content of section 5.4.2? (PBKDF2)
> [Enc11 (XML Encryption 1.1)]
> 
> http://www.w3.org/2008/xmlsec/track/issues/186

> 
> Raised by: Thomas Roessler
> On product: Enc11 (XML Encryption 1.1)
> 
> Looking through recent edits to XML Encryption, section 5.4.2 seems to
> have moved in when I wasn't paying attention.  I'd like to understand
> what the normative content of this section is that *isn't* simply
> reproduced from another spec:
> 
> - the algorithm identifier is in RSA's URI space (and presumably coined
> there)
> - the mark-up and namespaces are defined in an RSA specification
> - we don't seem to do additional profiling as far as I can tell
> 
> Therefore, a pointer at that RSA spec as another example for an
> algorithm that can be used within the key derivation framework would be
> fine; however, I don't think we should actually have normative text.
> 
> My apologies for not having spotted this one earlier.
> 
> 
> 
> 

Received on Friday, 29 January 2010 05:35:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 29 January 2010 05:35:52 GMT