W3C home > Mailing lists > Public > public-xmlsec@w3.org > October 2011

Re: ACTION-829: Provide additional proposal text regarding xml encryption changes for pkcs1.5

From: Cantor, Scott <cantor.2@osu.edu>
Date: Mon, 3 Oct 2011 21:56:42 +0000
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, Magnus Nystrom <mnystrom@microsoft.com>
CC: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <CAAFA6E0.10D42%cantor.2@osu.edu>
On 10/3/11 2:23 PM, "Frederick.Hirsch@nokia.com"
<Frederick.Hirsch@nokia.com> wrote:
>It looks like XML Encryption 1.1 text and example (not schema) says that
>the hash is defined using the XML Algorithm Attribute of the child
>EncryptionMethod element but does not allow in *XML* to define the MGF
>function, thus fixing it to a specific value. Yet at the same time the
>element OAEPParams is supported.

I think that's accurate, but I think that the in actual implementation,
the OAEPParams string doesn't actually get used to drive hash algorithm
selection, since the spec is telling you that DigestMethod is what you use
for that.

In practice, implementations I've tested against often do not support
anything but SHA1.

>Proposed change:
>The RSAES-OAEP-ENCRYPT algorithm, as specified in RFC 3447 [PKCS1], takes
>two options to define the hash function and mask generation function,
>indicated in the OAEPParams value. By default,  the Hash is SHA1 and the
>mask generation function is MGF1 with SHA1 (mgf1SHA1Identifier).  If no
>OAEPparams child is provided, a null string is used.
>remove DigestMethod from example.
>what have implementers been doing here? Will this simplification work?

It wouldn't work in my implementation right this moment, which is looking
for DigestMethod. I'm assuming you're asking "would this break 1.0
implementations and constitute a change in 1.1".

-- Scott
Received on Monday, 3 October 2011 21:57:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:17 UTC