
Updated XML Signature 1.1 and XML Signature 2.0 editors drafts

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 18 Jun 2012 16:27:41 +0000
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <DBDC24BF-491E-4091-B9DF-C91E78E6B00C@nokia.com>
I have updated XML Signature 1.1 and XML Signature 2.0 drafts to clarify wording related to ECC.

Specifically, I have updated the XML Signature 1.1 editors draft to add the following note to the end of section 6.4.3 [1]:


Note: As described in IETF RFC 6090, the Elliptic Curve DSA (ECDSA) and KT-I signature methods are mathematically and functionally equivalent for fields of characteristic greater than three. See IETF RFC 6090 Section 7.2 [ECC-ALGS].


I also updated section 4.5.3 which has the first reference to ECC-ALGS, in bullet list item #1 [2] to reference this note via a hyperlink:

Convert the elliptic curve point (x,y) to an octet string by first converting the field elements x and y to octet strings as specified in Section 6.2 of [ECC-ALGS] (note), and then prepend the concatenated result of the conversion with 0x04. Support for Elliptic-Curve-Point-to-Octet-String conversion without point compression is required

I also updated the language in section 6.4.3 (changing the second sentence to also state "lead to the same results as") to read:

This specification REQUIRES implementations to implement an algorithm that leads to the same results as ECDSA over the P-256 prime curve specified in Section D.2.3 of FIPS 186-3 [FIPS-186-3] (and using the SHA-256 hash algorithm), referred to as the ECDSAwithSHA256 signature algorithm [ECC-ALGS]. It is further recommended that implementations also implement algorithms that lead to the same results as ECDSA over the P-384 and P-521 prime curves; these curves are defined in Sections D.2.4 and D.2.5 of FIPS 186-3, respectively [ECC-ALGS].

I also made the corresponding changes to XML Signature 2.0, as well as making the corresponding changes to the version section as in 1.1.

regards, Frederick

Frederick Hirsch

[1] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#sec-ECDSA

[2] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#sec-ECKeyValue
Received on Monday, 18 June 2012 16:28:15 UTC
