W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2012

Re: Possible missing algorithms?

From: Cantor, Scott <cantor.2@osu.edu>
Date: Fri, 6 Jul 2012 17:51:33 +0000
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>
CC: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <CC1C9CAB.250A7%cantor.2@osu.edu>
On 7/6/12 12:44 PM, "Frederick.Hirsch@nokia.com"
<Frederick.Hirsch@nokia.com> wrote:

>Thus I suggest we agree it should be added to the XML Signature 1.1 draft.
>
>HMAC with 224 is listed in RFC 4051 but not in XML Signature 1.1 or the
>XML Security Algorithms Cross-Reference. Since it is in RFC 4051 I
>propose it should be added to XML Signature 1.1 and the cross reference,
>for consistency with RFC 4051.

That would be my opinion.

>Neither RFC 4051 nor the "XML Security Algorithms Cross-Reference " have
>an algorithm identifier for  "RSA with SHA-224". It could be added for
>consistency, but the URL should be defined in RFC 4051 (but is not). It
>would be very confusing if it were not of the same form.

Yeah, I know. I'm kind of stuck, because by the time I took over the
Santuario code base, it had been added, and it's been there for several
years. Other than deprecating the involved code or just noting it, there
isn't much I can do about it at this point, but that's not the WG's
problem.

>Any other suggestions regarding RSA-SHA224?

My only point re: the URLs and the RFC is that the namespace is a W3C
namespace. While it might be odd to create one in that form outside 4051,
it doesn't really hijack ownership to do so. I suppose the RFC could be
rev'd too. Given that I'm stuck, I would be willing to do some work agreed
to in this respect.

-- Scott
Received on Friday, 6 July 2012 17:52:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 6 July 2012 17:52:32 GMT