W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2000

Re: Algorithm Selections

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 27 Nov 2000 16:14:44 -0500
Message-Id: <4.3.2.7.2.20001127160944.00b90b50@rpcp.mit.edu>
To: "Aram Perez" <aperez@wavesys.com>
Cc: jimsch@nwlink.com, "'Xml-Encryption \(E-mail\)" <xml-encryption@w3.org>
Hi Aram, I'm going through emails and tweaking the requirements document, 
two quick points:

At 10:31 11/21/2000 -0800, Aram Perez wrote:
>other key lengths and TripleDES are MAY. **#** My concern is whether we 
>expect
>to publish our specification before AES becomes an official standard. Is 
>there
>anyway of specifying something like "TripleDES is a MUST until AES is 
>official.
>When AES is official, then AES is a MUST and TripleDES is a MAY."

 From a specification conformance point of view, this wouldn't make much 
sense: at some undefined point, something is published and the meaning of 
our conformance changes. At W3C, a Recommendation has a specific static 
meaning via references to other dated/static specifications. If we find that 
AES is being advanced too slowly, we need to wait for it, or move on without 
it.

>Recommondation.:  Make the AES keywrap from the NSA be the manditory when it
>appears. **#** I would also add a recommendation that "weaker" keys not wrap
>"stronger" keys, i.e., don't wrap a TripleDES key with a 64 bit RC2 key.

I'll leave this to the specification or an implementation recommendation.


__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 27 November 2000 16:54:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT