W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2011

Re: wording mistake in XML Enc 1.1

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 7 Dec 2011 15:12:45 +0000
To: <tlr@w3.org>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>, <tibor.jager@gmail.com>, <juraj.somorovsky@rub.de>
Message-ID: <16DA6764-D19F-47DE-8789-A31CC8748A12@nokia.com>
I have fixed this in the latest editors draft. Thanks to Tibor for the careful review.

regards, Frederick

Frederick Hirsch
Nokia



On Dec 7, 2011, at 1:52 AM, ext Thomas Roessler wrote:

> Tiber Jäger points out to me that the current draft for XML Enc 1.1 has a minor wording mistake:
> 
>> AES-GCM [SP800-38D] is an authenticated encryption mechanism. It is equivalent to doing these two operations in one step - HMAC signing followed by AES-CBC encryption.
> 
> Correction:
> 
>> AES-GCM […] is an authenticated encryption mechanism. It is equivalent to do these two operations in one step, AES encryption followed by HMAC signing.
> 
> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#sec-AES-GCM
> 
> (The point is to authenticate the ciphertext, not the plaintext.)
> 
> --
> Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)
> 
> 
> 
> 
> 
> 
> 
> 
Received on Wednesday, 7 December 2011 15:14:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 December 2011 15:14:06 GMT