- From: Jim Schaad (Exchange) <jimsch@EXCHANGE.MICROSOFT.com>
- Date: Thu, 14 Oct 1999 16:10:54 -0700
- To: "'Eric Rescorla'" <ekr@rtfm.com>
- Cc: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
> -----Original Message-----
> From: Eric Rescorla [mailto:ekr@rtfm.com]
> Sent: Thursday, October 14, 1999 3:01 PM
> To: Jim Schaad (Exchange)
> Cc: W3c-Ietf-Xmldsig (E-mail)
> Subject: Re: Parameters and Algorithms.
>
> > OK -- let's put this argument on hold for a while and look at the original
> > proposal again.
> >
> > 1. If we put the statement in the draft that the only HashAlgorithm
> > parameter that can be specified with DSA is SHA-1 we can make a future
> > modification to the following statement.
> > When DSA is specified, if |q| == 160, the HashAlgorithm MUST be specified as
> > SHA-1. If |q| == 320, the HashAlgorithm MUST be specified as AES-HASH. This
> > allows for future flexibility if needed and specifies both DSA and SHA1 must
> > be used today.
>
> This is provisionally fine with me. I'd like to get a cryptographer's
> opinion about DSA with |q|!=160, however. I'm not mathematician enough
> to know that it's strong.
>
> > 2. With regards to the RSA parameters, it would appear that the ONLY thing
> > you are arguing against is really the new padding algorithm that I
> > suggested, not the parameterization. I am sure that you would allow the
> > P1363 padding algorithm. (I have not verified it includes the hash name, but
> > I assume it does.) The fact that I am factorizing out the presentation
> > should not be an issue with you. Is this correct?
>
> Mostly no.
>
> However, I'd like to see us come down on only a few different
> padding algorithms. Is there any reason to support anything other
> than PKCS-1v1.5 and some OAEP variant?

There appears to be an issue with FIPS for US Government. I believe they are adopting a different padding standard than either PKCS-1v1.5 or PKCS-1v2.0 (an OAEP variant).

> -Ekr

jim
Received on Thursday, 14 October 1999 19:11:04 UTC