W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2000

Re: Algorithm Selections

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 27 Nov 2000 16:14:44 -0500
Message-Id: <>
To: "Aram Perez" <aperez@wavesys.com>
Cc: jimsch@nwlink.com, "'Xml-Encryption \(E-mail\)" <xml-encryption@w3.org>
Hi Aram, I'm going through emails and tweaking the requirements document, 
two quick points:

At 10:31 11/21/2000 -0800, Aram Perez wrote:
>other key lengths and TripleDES are MAY. **#** My concern is whether we 
>to publish our specification before AES becomes an official standard. Is 
>anyway of specifying something like "TripleDES is a MUST until AES is 
>When AES is official, then AES is a MUST and TripleDES is a MAY."

 From a specification conformance point of view, this wouldn't make much 
sense: at some undefined point, something is published and the meaning of 
our conformance changes. At W3C, a Recommendation has a specific static 
meaning via references to other dated/static specifications. If we find that 
AES is being advanced too slowly, we need to wait for it, or move on without 

>Recommondation.:  Make the AES keywrap from the NSA be the manditory when it
>appears. **#** I would also add a recommendation that "weaker" keys not wrap
>"stronger" keys, i.e., don't wrap a TripleDES key with a 64 bit RC2 key.

I'll leave this to the specification or an implementation recommendation.

Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 27 November 2000 16:54:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:59 UTC