- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Mon, 27 Nov 2000 16:14:44 -0500
- To: "Aram Perez" <aperez@wavesys.com>
- Cc: jimsch@nwlink.com, "'Xml-Encryption \(E-mail\)" <xml-encryption@w3.org>
Hi Aram, I'm going through emails and tweaking the requirements document, two quick points: At 10:31 11/21/2000 -0800, Aram Perez wrote: >other key lengths and TripleDES are MAY. **#** My concern is whether we >expect >to publish our specification before AES becomes an official standard. Is >there >anyway of specifying something like "TripleDES is a MUST until AES is >official. >When AES is official, then AES is a MUST and TripleDES is a MAY." From a specification conformance point of view, this wouldn't make much sense: at some undefined point, something is published and the meaning of our conformance changes. At W3C, a Recommendation has a specific static meaning via references to other dated/static specifications. If we find that AES is being advanced too slowly, we need to wait for it, or move on without it. >Recommondation.: Make the AES keywrap from the NSA be the manditory when it >appears. **#** I would also add a recommendation that "weaker" keys not wrap >"stronger" keys, i.e., don't wrap a TripleDES key with a 64 bit RC2 key. I'll leave this to the specification or an implementation recommendation. __ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Monday, 27 November 2000 16:54:31 UTC