Hi Aram, I'm going through emails and tweaking the requirements document, two quick points: At 10:31 11/21/2000 -0800, Aram Perez wrote: >other key lengths and TripleDES are MAY. **#** My concern is whether we >expect >to publish our specification before AES becomes an official standard. Is >there >anyway of specifying something like "TripleDES is a MUST until AES is >official. >When AES is official, then AES is a MUST and TripleDES is a MAY." From a specification conformance point of view, this wouldn't make much sense: at some undefined point, something is published and the meaning of our conformance changes. At W3C, a Recommendation has a specific static meaning via references to other dated/static specifications. If we find that AES is being advanced too slowly, we need to wait for it, or move on without it. >Recommondation.: Make the AES keywrap from the NSA be the manditory when it >appears. **#** I would also add a recommendation that "weaker" keys not wrap >"stronger" keys, i.e., don't wrap a TripleDES key with a 64 bit RC2 key. I'll leave this to the specification or an implementation recommendation. __ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/Received on Monday, 27 November 2000 16:54:31 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT