- From: <hal@finney.org>
- Date: Fri, 1 Dec 2000 14:07:31 -0800
- To: xml-encryption@w3.org
Joseph M. Reagle Jr., <reagle@w3.org>, writes: > In the XML context, our goal is quick/easy interop by specifying an absolute > minimum that takes advantage of likely/exiting deployment, no IPR problems, > and a minimal amount of work that we'd have to co-opt with respect to > providing identifiers and keywraps. (Like xmldsig, the only requirement is > for a simple DSAKeyValue. Everything else could have been skipped). Anything > else must be specified under an external algorithm-identifier and namespace. This depends on what you consider the goal of XML security. From the XML perspective, you want to add security features to XML documents: the ability to sign and encrypt them. From this perspective, providing a single key type and algorithm type is adequate. From the security perspective, there exist deployed keys and PKIs and there is a desire to extend the functionality of this existing infrastructure to be able to secure XML documents. From this perspective, it is desirable to make sure that existing keys are supported by the XML security specs. Continuing this perspective, it is less important that a wide range of symmetric encryption algorithms and hash algorithms are supported. Existing keys can generally be used with standard algorithms like 3DES and SHA. However it is important that existing public keys, deployed and in widespread use, are able to be used with XML security just as they are in other areas of security. Hal Finney
Received on Friday, 1 December 2000 17:05:57 UTC