W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

core-991001: HMAC-SHA1

From: Greg Whitehead <gwhitehead@signio.com>
Date: Tue, 5 Oct 1999 15:11:41 -0700
Message-ID: <6B962A1EE646D31193270008C7A4BAB5093374@mail.paymentnet.com>
To: w3c-ietf-xmldsig@w3.org
I noticed that HMAC-SHA1 is a REQUIRED algorithm in the core-991001 spec,
but I don't see where MAC algorithms come up in the core syntax.

If this is carried over from earlier drafts that described an HMAC-SHA1
"signature" algorithm, then I would vote for removing it.  The HMAC-SHA1
signature algorithm could be described in a separate document if there is
interest in it.  My reluctance to endorse it as a signature algorithm in the
core spec is that it doesn't offer non-repudiation (the signature verifier
can trivially forge the signature), and this is a subtle point that might be
misunderstood by relying parties.

-Greg


--
Greg Whitehead
Chief Scientist
Signio, Inc.
1600 Bridge Parkway, Suite 201
Redwood City, CA  94065
650-622-2250
650-622-2201 (fax)
gwhitehead@signio.com
http://www.signio.com
Received on Tuesday, 5 October 1999 18:12:11 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT