W3C home > Mailing lists > Public > xml-encryption@w3.org > December 2001

Re: 4 Dec 2001 updated Section 5

From: Joseph Reagle <reagle@w3.org>
Date: Wed, 5 Dec 2001 11:41:53 -0500
To: Donald E Eastlake 3rd <dee3@torque.pothole.com>, xml-encryption <xml-encryption@w3.org>
Cc: lde008@email.mot.com
Message-Id: <20011205164154.5EA131072@policy.w3.org>
On Wednesday 05 December 2001 00:49, Donald E Eastlake 3rd wrote:
> Attached is a further updated section 5.  Changes are:

Thanks Don, they are now in:
 http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/  
 $Revision: 1.83 $ 

> (1) While the algorithm table was correct, sections 5.2.2 and 5.6.3
> incorreclty listed AES-192 as REQUIRED and AES-256 as OPTIONAL. It's the
> other way around.

Now that were in Last Call -> CR transition, does anyone know where we 
stand on AES key wraps?

> (5) Reordering of the concatenation feed to the specified Digest
> Algorithm to producing keying material from an agreed secret quantity in
> Sedtion 5.5.

Note: XML Encryption does NOT provide an on-line key agreement negotiation 
protocol. The key agreement structure defined here is only suitable for 
off-line agreement. Agreement based, for example, on trusted recipient key 
information obtained previously from some public key infrastructure by the 
originator. If a key has been agreed to via some previous on-line protocol, 
it would be more natural to use a KeyName or the like to refer to an agreed 
name. 

How would you define/distinguish a previous online and previous offline 
method?

-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Wednesday, 5 December 2001 11:42:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT