RE: Parameters and Algorithms.

> -----Original Message-----
> From: Eric Rescorla [mailto:ekr@rtfm.com]
> Sent: Thursday, October 14, 1999 3:01 PM
> To: Jim Schaad (Exchange)
> Cc: W3c-Ietf-Xmldsig (E-mail)
> Subject: Re: Parameters and Algorithms. 
> 
> 
> > OK -- let's put this argument on hold for a while and look at the original
> > proposal again.
> > 
> > 1.  If we put the statement in the draft that the only HashAlgorithm
> > parameter that can be specified with DSA is SHA-1 we can make a future
> > modification to the following statement.
> > When DSA is specified, if |q| == 160, the HashAlgorithm MUST be specified as
> > SHA-1.  If |q| == 320, the HashAlgorithm MUST be specified as AES-HASH.  This
> > allows for future flexibility if needed and specifies both DSA and SHA1 must
> > be used today.
> This is provisionally fine with me. I'd like to get a cryptographer's
> opinion about DSA with |q|!=160, however. I'm not mathematician enough
> to know that it's strong. 
> 
> > 2.  With regards to the RSA parameters, it would appear that the ONLY thing
> > you are arguing against is really the new padding algorithm that I
> > suggested not the parameterization.  I am sure that you would allow the
> > P1363 padding algorithm. (I have not verified it includes the hash name, but
> > I assume it does.)  The fact that I am factorizing out the presentation
> > should not be an issue with you.  Is this correct?
> Mostly no. 
> 
> However, I'd like to see us come down on only a few different
> padding algorithms. Is there any reason to support anything other
> than PKCS-1v1.5 and some OAEP variant? 

There appears to be an issue with FIPS for US Government.  I believe they
are adopting a different padding standard than either PKCS-1v1.5 or
PKCS-1v2.0 (an OAEP variant).

> 
> -Ekr
> 
jim 

Received on Thursday, 14 October 1999 19:11:04 UTC