Re: updated XML Encryption 1.1 editors draft for 6.1.3 security consideration from Frederick.Hirsch@nokia.com on 2012-12-03 (public-xmlsec@w3.org from December 2012)

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 3 Dec 2012 15:49:44 +0000
To: <cantor.2@osu.edu>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <1CB2E0B458B211478C85E11A404A2B270183F02E@008-AM1MPN1-034.mgdnok.nokia.com>

yes I did, also in #3. I've updated the draft, thanks for catching this.

also added references for  [XMLENC-PKCS15-ATTACK] and [XMLENC-CBC-ATTACK]

see revision: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#sec-backwards-compatibility-attacks

regards, Frederick

Frederick Hirsch
Nokia



On Dec 3, 2012, at 9:57 AM, ext Cantor, Scott wrote:

> On 12/3/12 9:51 AM, "Frederick.Hirsch@nokia.com"
> <Frederick.Hirsch@nokia.com> wrote:
>> 
>> 2. Implementations using asymetric keys should not use the same key
>> material for different algorithms, even if serving the same purpose. Key
>> derivation based on a single key and the algorithm identifier can be used
>> to accomplish this, for example.
> 
> Don't you mean symmetric there?
> 
> -- Scott
> 
>

Received on Monday, 3 December 2012 15:50:16 UTC