
RE: Algorithm Selections

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 04 Dec 2000 16:05:31 -0500
Message-Id: <4.3.2.7.2.20001204154140.00b9fda8@rpcp.mit.edu>
To: <dick@8760.com>
Cc: <hal@finney.org>, <xml-encryption@w3.org>

Hi Dick,

One of the nice things about XML based technologies is that they are very 
extensible. For instance, Simon easily extended Signature for use with ECC 
IDs/structures [0]. In terms of encryption key structures I'd expect the WG 
to provide a key structure for the mandatory algorithms that require a 
format (if it doesn't already exist.) A simple PGP structure is already 
defined in xmldsig in [1]. Otherwise, the requirements over algorithms and 
key structures will be put to the WG via the requirements document [2] and I 
think this will be influenced by members' sense of what the dominant 
algorithms are, and what's been written (e.g., someone wrote up text for a 
set of algorithms like [0]) and what will be implemented (e.g., those 
algorithms/structures during interop.)

So with respect to your request to "support" PGP, could you be specific so I 
can include it in [2]? Are you advocating it be the mandatory algorithm in 
one or more of the algorithm types, or a particular key structure?

[0] http://search.ietf.org/internet-drafts/draft-blake-wilson-xmldsig-ecdsa-00.txt
[1] http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/
[2] http://www.w3.org/2000/11/15-xml-encryption-req.html


At 10:45 12/2/2000 -0600, Dick Brooks wrote:
>Regarding Hal Finney's comment:
>
> > From the security perspective, there exist deployed keys and PKIs
> > and there is a desire to extend the functionality of this existing
> > infrastructure to be able to secure XML documents.  From this perspective,
> > it is desirable to make sure that existing keys are supported by the
> > XML security specs.
> >
>
>I completely agree with the position that XML-encryption make use of existing
>and ubiquitous keys, especially keys used by PGP. In 1996, the Department of
>Energy mandated that every Interstate Natural Gas Pipeline Company use PGP to
>sign/encrypt Internet E-Commerce transactions. The DOE mandate was based on
>standards specified by the Gas Industry Standards Board, Electronic Delivery
>Mechanism (GISB EDM). Within the past two years various state Public Utility
>Commissions have adopted the GISB EDM standard for Internet E-Commerce
>transactions within the Electric Industry.
>
>Enron, one of the largest Energy companies in the U.S., has conducted over
>$183 Billion in Internet E-Commerce, ref:
>http://www.computerworld.com/cwi/story/0,1199,NAV47_STO54149,00.html
>Enron was the first company to use the GISB EDM standard for Internet
>E-Commerce in April of 1997.
>
>As co-chairman of GISB's EDM committee I respectfully request that members of
>the XML encryption workgroup include a requirement to support PGP.
>
>Dick Brooks (co-chair GISB EDM committee)
>Group 8760
>110 12th Street North
>Birmingham, AL 35203
>dick@8760.com
>205-250-8053
>Fax: 205-250-8057
>http://www.8760.com/
>
>InsideAgent - Empowering e-commerce solutions


__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 4 December 2000 16:06:15 GMT
