W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: MAC and HMAC

From: Joseph Reagle <reagle@w3.org>
Date: Fri, 12 Oct 2001 20:31:32 -0400
To: Naveen Kumar Konduru <konduru27@yahoo.com>
Cc: dsig <w3c-ietf-xmldsig@w3.org>
Message-Id: <20011013003133.6B43D87355@policy.w3.org>

HMAC-SHA1 is actually to be used as the SignatureAlgorithm (though security 
concerns prompts us to distinguish between "Signature" and "MAC" in the 
algorithm characterizations.) Consequently, the key would be identified in 
KeyInfo.

On Monday 08 October 2001 6:49, you wrote:
> I have some doubts regarding MAC and HMAC.
> I successfully completed sign process using RSA with
> SHA1 and DSA with SHA1, but struck up with MAC. Where
> can we implement HMAC for signing process. If I am not
> wrong HMAC is symmetric key algorihm where key can be
> generated  randomly or using password, but where can
> we place or store session key in signed document. I am
> not clear with implementation of MAC and HMAC in
> standard document(XML-Signature Syntax and Processing
> W3C Candidate Recommendation 19-April-2001).Please
> elaborate implementation of HMAC.


-- 
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Friday, 12 October 2001 20:31:35 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT