Re: MAC and HMAC

Hi Dave,

r/dave.roberts@saaconsultants.com/2001.10.18/17:44:40
>On Fri, 12 Oct 2001, Joseph Reagle wrote:
>> HMAC-SHA1 is actually to be used as the SignatureAlgorithm (though security 
>> concerns prompts us to distinguish between "Signature" and "MAC" in the 
>> algorithm characterizations.) Consequently, the key would be identified in 
>> KeyInfo.

>May I ask what type of KeyInfo would you use?

KeyName to identify a shared secret (used in some interop
samples). Alternatively, if a KeyAgreement (xmlenc) was
used to derive a shared encryption key, the same
KeyAgreement could be used to derive an HMAC key as an
integrity check.

Merlin


-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com

Received on Thursday, 18 October 2001 13:08:41 UTC