- From: Cantor, Scott <cantor.2@osu.edu>
- Date: Tue, 13 Sep 2011 14:54:48 +0000
- To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
The WG preference was to leave the requirements more as is, so this is a modified proposal to clean up the text. Remove the last paragraph in the section 5.5 intro that starts "The RSA v1.5 Key Transport algorithm given below..." It's misleading by implying you have to use 1.5 with 3DES, and the reference for V2 to AESWRAP isn't correct anyway. I think that text adds nothing. Add a paragraph break leading to this text: "Implementations must support this key transport algorithm for transporting 192-bit TRIPLEDES keys. Support of this algorithm for transporting other keys is optional. RSA-OAEP is recommended for the transport of AES keys, including 192-bit keys. Replace the last paragraph in section 5.5.2 with: "The transported key size is 192 bits for TRIPLEDES and 128, 192, or 256 bits for AES. Implementations MUST implement RSA-OAEP for the transport of all key types and sizes that are mandatory to implement for symmetric encryption. They MAY implement RSA-OAEP for the transport of other keys." This question remains: >Question: What, if anything, should be said about the DigestMethod(s) to >require in conjunction with OAEP. Today, one typically finds that only >SHA-1 works and is used. That seems like a problem if we reach a future >state in which SHA-1 is totally broken and people want to turn it off >entirely rather than pick and choose places where its use isn't suspect. I >think even if we don't need SHA-256 here we ought to mandate it for future >proofing. -- Scott
Received on Tuesday, 13 September 2011 14:55:15 UTC