W3C home > Mailing lists > Public > public-xmlsec@w3.org > October 2011

RE: proposed XML Encryption 1.1 changes related to OAEP

From: Pratik Datta <pratik.datta@oracle.com>
Date: Wed, 5 Oct 2011 10:38:32 -0700 (PDT)
Message-ID: <8c4ef295-357d-47ac-b4fb-6a3ab1a36657@default>
To: Frederick.Hirsch@nokia.com, public-xmlsec@w3.org

When you said change the URI for RSA-OAEP http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
I assume you mean create a new URI.  We obviously cannot get rid of the existing URI for backwards compatibility. For example this is the "Basic128" and "Basic256" encryption algorithm in WS-Security and it is the most popularly used.

For OAEPParams,  instead of describing it "label", I would go with "PSource specified".

In your redline you have "ds:EncryptionMethod" and "ds11:MGF"
  EncryptionMethod is in "enc" namespaces.  We should put MGF in enc11 namespace


-----Original Message-----
From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] 
Sent: Wednesday, October 05, 2011 9:28 AM
To: public-xmlsec@w3.org
Cc: Frederick.Hirsch@nokia.com
Subject: proposed XML Encryption 1.1 changes related to OAEP

Attached are Redline and clean roll-ups of proposed changes to XML Encryption 1.1 based on our list and call discussion.


1. define new optional attribute to EncryptionMethod to convey MGF for OAEP

2. change URI for RSA-OAEP not to assume specific MGF (e.g. decouple to allow change to MGF). This is a significant change to decouple MGF definition from algorithm definition

3. Clarify RSA-OAEP section wording to clarify that digest is specified in DigestMethod Algorithm attribute, MGF in MGF attribute with default of MGF1 with SHA1 if not specified, and Label is optionally in OAEPparams XML element.

4. Incorporated outstanding changes from Scott that were previously agreed but not implemented (I believe)



regards, Frederick

Frederick Hirsch
Received on Wednesday, 5 October 2011 17:39:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:17 UTC