W3C home > Mailing lists > Public > www-xkms@w3.org > July 2004

RE: RSAKeyPair/RSAKeyValue issue

From: Roland Lockhart <roland.lockhart@entrust.com>
Date: Thu, 8 Jul 2004 15:00:38 -0400
Message-ID: <BFB44293CE13C9419B7AFE7CBC35B939067454CA@sottmxs08.entrust.com>
To: "'jose.kahan@w3.org'" <jose.kahan@w3.org>, www-xkms@w3.org

Hi Jose,

This would break the existing Entrust implementation if and only if the XKMS
schema namespace changed as a result. Our implementation does not directly
use RSAKeyValue or RSAKeyPair.

- Roland

> -----Original Message-----
> From: www-xkms-request@w3.org 
> [mailto:www-xkms-request@w3.org] On Behalf Of Jose Kahan
> Sent: July 8, 2004 2:48 PM
> To: www-xkms@w3.org
> Subject: Re: RSAKeyPair/RSAKeyValue issue
> 
> 
> 
> Hi,
> 
> Per my action item, I consulted with my colleagues how to 
> make the schema change. As I suspected it requires more 
> verification from our side. More precisely, quoting Dan 
> Connolly's message:
> 
> ---
> The answer depends on real-world data about which design
> is more widely deployed and what it costs (outside the WG
> as well as inside) to change it.
> ---
> 
> We need to estimate what has been implemented and
> what are the consequences of making this change, will it 
> change existing implementations and how much, how easy it 
> will be for other people to adopt the change.
> 
> If we can't give this estimation, we have to make this change 
> in a way that's fair to existing implementations. If it's too 
> expensive, we may opt to keep xkms:RSAKeyValue then.
> 
> You'll find here below a summary of the issues.
> 
> Please send your feedback as to whether this change will break 
> your implementation
> 
> -- What is the proposed change (from Tommy's mail)
> 
> The spec refers to xkms:RSAKeyPair to communicate the public 
> and private parts of an RSA key (section 6.4), but the schema and 
> the examples use xkms:RSAKeyValue. Tommy and Stephen propose 
> to make the change to xkms:RSAKeyPair as it makes more sense 
> and this removes any possible confusion with ds:RSAKeyValue.
> 
> -- What do actual implementations do now?
> 
> I don't know if current implementations are using RSAKeyValue 
> or RSAKeyPair. Have people used the schema or the spec itself 
> when defining their service?
> 
> I am not sure if this element is only used when doing an X-KRSS 
> recover operation or if it can be used elsewhere. Maybe when 
> generating or registrering a key.
> 
> -- How will this change existing test cases?
> 
> -- What we will do if some peple say yes and some say no to 
> this change?
> 
> -- Do the resulting implementations interoperate?
> 
> --- What are the failure modes? clearly reported errors
>     or subtle security bugs?  
> 
> -- Who's likely to say yes? Who's likely to say no?
> 
> 
> -jose
> 
Received on Thursday, 8 July 2004 15:16:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:42 UTC