W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Parameters and Algorithms.

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 14 Oct 1999 15:00:42 -0700
Message-Id: <199910142200.PAA52553@romeo.rtfm.com>
To: "Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com>
cc: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
> OK -- lets put this argument on hold for a while and look at the original
> proprosal again.
> 1.  If we put the statment in the draft that the only HashAlgorithm
> parameter that can be specified with DSA is SHA-1 we can make a future
> modification to the following statement.
> When DSA is specified, if |q| == 160, the HashAlgorithm MUST be specfied as
> SHA-1.  If |q| == 320, the HashAlgorithm MUST be specfied as AES-HASH.  This
> allows for future flexability if needed and specfies both DSA and SHA1 must
> be used today.
This is provisionally fine with me. I'd like to get a cryptographer's
opinion about DSA with |q|!=160, however. I'm not mathematician enough
to know that it's strong. 

> 2.  With regards to the RSA parameters, it would appear that the ONLY thing
> you are arguing againist is really the new padding algorithm that I
> suggested not the parameterization.  I am sure that you would allow the
> P1363 padding algorithm. (I have not verified it includes the hash name, but
> I assume it does.)  The fact that I am factorizing out the presentation
> should not be an issue with you.  Is this correct?
Mostly no. 

However, I'd like to see us come down on only a few different
padding algorithms. Is there any reason to support anything other
than PKCS-1v1.5 and some OAEP variant? 

Received on Thursday, 14 October 1999 18:00:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC