W3C home > Mailing lists > Public > public-xmlsec@w3.org > September 2011

Re: ACTION-829: Provide additional proposal text regarding xml encryption changes for pkcs1.5

From: Cantor, Scott <cantor.2@osu.edu>
Date: Tue, 13 Sep 2011 14:54:48 +0000
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <CA94E21D.15043%cantor.2@osu.edu>
The WG preference was to leave the requirements more as is, so this is a
modified proposal to clean up the text.

Remove the last paragraph in the section 5.5 intro that starts "The RSA
v1.5 Key Transport algorithm given below..." It's misleading by implying
you have to use 1.5 with 3DES, and the reference for V2 to AESWRAP isn't
correct anyway. I think that text adds nothing.

Add a paragraph break leading to this text:

"Implementations must support this key transport algorithm for
transporting 192-bit TRIPLEDES keys. Support of this algorithm for
transporting other keys is optional. RSA-OAEP is recommended for the
transport of AES keys, including 192-bit keys.

Replace the last paragraph in section 5.5.2 with:

"The transported key size is 192 bits for TRIPLEDES and 128, 192, or 256
bits for AES. Implementations MUST implement RSA-OAEP for the transport of
all key types and sizes that are mandatory to implement for symmetric
encryption. They MAY implement RSA-OAEP for the transport of other keys."

This question remains:

>Question: What, if anything, should be said about the DigestMethod(s) to
>require in conjunction with OAEP. Today, one typically finds that only
>SHA-1 works and is used. That seems like a problem if we reach a future
>state in which SHA-1 is totally broken and people want to turn it off
>entirely rather than pick and choose places where its use isn't suspect. I
>think even if we don't need SHA-256 here we ought to mandate it for future
>proofing.

-- Scott
Received on Tuesday, 13 September 2011 14:55:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 13 September 2011 14:55:16 GMT