
ACTION-887 Best Practice for HMAC

From: Hal Lockhart <hal.lockhart@oracle.com>
Date: Thu, 21 Jun 2012 14:41:49 -0700 (PDT)
Message-ID: <7ca198c6-4b9d-4b0c-ac31-bb10c2eabfc9@default>
To: public-xmlsec@w3.org

First I need to amend what I said on the call. On the call I was concerned that XML Signature did not unambiguously state what part of the hash value was to be truncated. I now see that the HMAC sections of XML Signature all reference RFC 2104. Section 5 of RFC 2104 says in part: "... by outputting the t leftmost bits of the HMAC computation ..." This seems unambiguous and thus I don't think we need to change XML Signature.

I have attached a proposed new section for the Best Practices doc in approximately the right format rendered in Word format.

Hal

Received on Thursday, 21 June 2012 21:42:22 GMT
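
Added example, not part of the original message or its attachment: a Python sketch of the leftmost-bits truncation quoted from RFC 2104 section 5, with a verifier that refuses a truncation length below the floor the same section recommends (at least half the hash output and at least 80 bits). The function names, key and message are assumptions made for illustration.

```python
import hashlib
import hmac

def truncate_leftmost(mac: bytes, t_bits: int) -> bytes:
    """Keep the t leftmost bits of mac; unused low bits of the last byte are zeroed."""
    if not 0 < t_bits <= len(mac) * 8:
        raise ValueError("t must be between 1 and the full MAC length in bits")
    nbytes, rem = divmod(t_bits, 8)
    out = bytearray(mac[:nbytes + (1 if rem else 0)])
    if rem:
        out[-1] &= (0xFF << (8 - rem)) & 0xFF
    return bytes(out)

def min_output_bits(digest_bits: int) -> int:
    """Floor on t recommended by RFC 2104 section 5: half the hash output, at least 80 bits."""
    return max(digest_bits // 2, 80)

def hmac_truncated(key, msg, t_bits, digestmod=hashlib.sha256):
    """HMAC over msg, truncated to its t leftmost bits."""
    return truncate_leftmost(hmac.new(key, msg, digestmod).digest(), t_bits)

def verify_truncated(key, msg, tag, t_bits, digestmod=hashlib.sha256):
    """Reject a sender-chosen t below the floor before comparing anything."""
    digest_bits = digestmod().digest_size * 8
    if not min_output_bits(digest_bits) <= t_bits <= digest_bits:
        return False
    expected = hmac_truncated(key, msg, t_bits, digestmod)
    # Constant-time comparison; a tag of the wrong length simply fails.
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample values
    msg = b"<SignedInfo>...</SignedInfo>"    # constructed stand-in for signed data
    full = hmac.new(key, msg, hashlib.sha256).digest()
    print(verify_truncated(key, msg, full[:16], 128))  # 128-bit tag, at the floor
    print(verify_truncated(key, msg, full[:1], 8))     # 8-bit tag, below the floor
```

The length check runs before the comparison so that a short, attacker-supplied truncation length cannot reduce verification to matching a handful of bits.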
