W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: MAC and HMAC

From: merlin <merlin@baltimore.ie>
Date: Thu, 18 Oct 2001 18:08:35 +0100
To: Dave Roberts <dave.roberts@saaconsultants.com>
Cc: dsig <w3c-ietf-xmldsig@w3.org>
Message-Id: <20011018170835.9ED0343C13@yog-sothoth.ie.baltimore.com>

Hi Dave,

r/dave.roberts@saaconsultants.com/2001.10.18/17:44:40
>On Fri, 12 Oct 2001, Joseph Reagle wrote:
>> HMAC-SHA1 is actually to be used as the SignatureAlgorithm (though security 
>> concerns prompts us to distinguish between "Signature" and "MAC" in the 
>> algorithm characterizations.) Consequently, the key would be identified in 
>> KeyInfo.

>May I ask what type of KeyInfo would you use?

KeyName to identify a shared secret (used in some interop
samples). Alternatively, if a KeyAgreement (xmlenc) was
used to derive a shared encryption key, the same
KeyAgreement could be used to derive an HMAC key as an
integrity check.

Merlin


-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com
Received on Thursday, 18 October 2001 13:08:41 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT