W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2012

Re: updated XML Encryption 1.1 editors draft for 6.1.3 security consideration

From: Juraj Somorovsky <juraj.somorovsky@rub.de>
Date: 4 Dec 2012 15:25:24 +0100
Message-ID: <50BE07D4.5030808@rub.de>
To: Frederick.Hirsch@nokia.com
Cc: public-xmlsec@w3.org, tibor.jager@gmail.com, tlr@w3.org
Hi Frederick,

thanks for CC'ing us, there are our thoughts.

On 12/03/2012 03:51 PM, Frederick.Hirsch@nokia.com wrote:
>   2.  Implementations using symetric keys should not use the same key material for different algorithms, even if serving the same purpose. Key derivation based on a single key and the algorithm identifier can be used to accomplish this, for example.
>   3.  Implementations that plan to use the same symetric key for both confidentiality and integrity functions should use it as the basis for a key derivation producing different keys for those functions.
We are puzzled what is the difference between these two points.
Is 2. meant to be specifically for AES-CBC / AES-GCM and 3. specifically
for AES-CBC / HMAC ?

If yes, would it be not better readable to summarize 2. and 3. into one
> On a related note, should we define in XML Encryption 1.1 the specific key derivation function to derive a key based on algorithm identifier and key? I'm concerned about what this means for interop and progressing the specification. If we do need this I suggest we might progress it as an independent specification, but am not sure we need to do this. Thoughts?
We think it is necessary to include the key derivation function into the
standard (for interoperability reasons as well as for better understanding).

Thank you
Juraj and Tibor
Received on Tuesday, 4 December 2012 14:25:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:19 UTC