
Re: DSA and RSA AlgIDs

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 08 May 2000 11:58:48 -0400
Message-Id: <3.0.5.32.20000508115848.009f6760@localhost>
To: EKR <ekr@rtfm.com>
Cc: tgindin@us.ibm.com, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

At 08:32 AM 5/8/00 -0700, EKR wrote:
 >tgindin@us.ibm.com writes:
 >>      I think we should change, and not solely for consistency reasons.
 >> Although the DSS specifies SHA-1, it would be fairly easy to use a DSA key
 >> with RIPEMD-160, and people might well call that signature algorithm
 >> "dsa-ripe".
 >We've been over this ground a number of times already. This doesn't
 >work. There's a substitution attack on DSA unless the standard
 >clearly specifies which digest algorithm to use [1].
 
Does this preclude us from changing the name for consistency's sake? (Granted,
we do need to specify a single algorithm for interoperability and security,
but does that mean we shouldn't represent it as part of its ID?)

 >Check the archives 
 >http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999OctDec/0079.html
 >and sequelae for a description of the attack.
 >
 >-Ekr
 >
 >[1] Except that if you use an extension of DSA with a longer q
 >then you can use different digest algorithms for each size of q.


_________________________________________________________
Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 8 May 2000 11:59:45 GMT
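
An added example, not part of the original message or of any XML-DSig specification text: a toy DSA in Python showing why the digest has to be fixed by the algorithm identifier rather than chosen per message, as discussed in the thread above. The group parameters, the private key, the `dsa-sha1` identifier name and the use of SHA-256 as the second digest are constructed assumptions; the tiny group is what makes a matching second message cheap to find here.

```python
import hashlib

# Constructed toy DSA parameters (insecure): Q divides P-1 and G has order Q mod P.
P, Q, G = 607, 101, 64
DIGESTS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}  # sha256 = stand-in second digest
PINNED = {"dsa-sha1": "sha1"}  # hypothetical identifier whose definition fixes the digest

def z_of(digest, msg):
    """The integer DSA signs: the digest value reduced mod Q."""
    return int.from_bytes(DIGESTS[digest](msg).digest(), "big") % Q

def sign(x, digest, msg):
    z = z_of(digest, msg)
    for k in range(2, Q):  # toy nonce search; real DSA needs a secret, unpredictable k
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (z + x * r) % Q
        if r and s:
            return r, s
    raise ValueError("no usable nonce")

def raw_verify(y, z, sig):
    """The DSA equation sees only z; (r, s) does not record which digest produced it."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, z * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def verify_sender_chooses(y, digest, msg, sig):
    """Lax verifier: accepts whatever digest name accompanies the message."""
    return raw_verify(y, z_of(digest, msg), sig)

def verify_pinned(y, alg_id, msg, sig):
    """Strict verifier: the digest is taken from the identifier's definition only."""
    return alg_id in PINNED and raw_verify(y, z_of(PINNED[alg_id], msg), sig)

def demo():
    x = 57                      # constructed private key
    y = pow(G, x, P)
    msg = b"pay 10"
    sig = sign(x, "sha1", msg)
    target = z_of("sha1", msg)
    # Constructed second message: same z under sha256, and not also valid under sha1
    # (an accidental match is possible only because Q is tiny).
    other = next(m for m in (b"pay %d" % i for i in range(11, 100000))
                 if z_of("sha256", m) == target and not raw_verify(y, z_of("sha1", m), sig))
    return (verify_pinned(y, "dsa-sha1", msg, sig),
            verify_sender_chooses(y, "sha256", other, sig),
            verify_pinned(y, "dsa-sha1", other, sig))
```

`demo()` returns the three verifier results in order: the original message under the pinned identifier, the second message under the lax verifier, and the second message under the pinned identifier.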
