W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: MAC and HMAC

From: merlin <merlin@baltimore.ie>
Date: Thu, 18 Oct 2001 18:08:35 +0100
To: Dave Roberts <dave.roberts@saaconsultants.com>
Cc: dsig <w3c-ietf-xmldsig@w3.org>
Message-Id: <20011018170835.9ED0343C13@yog-sothoth.ie.baltimore.com>

Hi Dave,

>On Fri, 12 Oct 2001, Joseph Reagle wrote:
>> HMAC-SHA1 is actually to be used as the SignatureAlgorithm (though security 
>> concerns prompts us to distinguish between "Signature" and "MAC" in the 
>> algorithm characterizations.) Consequently, the key would be identified in 
>> KeyInfo.

>May I ask what type of KeyInfo would you use?

KeyName to identify a shared secret (used in some interop
samples). Alternatively, if a KeyAgreement (xmlenc) was
used to derive a shared encryption key, the same
KeyAgreement could be used to derive an HMAC key as an
integrity check.


Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
Received on Thursday, 18 October 2001 13:08:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC