Joseph, >Couldn't one use encrypt <ds:KeyValue/> as a <enc:EncryptedKey/> without >resorting to ASN.1? Yes, the only problem is that we have to choose a key derivation function for the password based encryption, and this is out of scope for the spec. Choosing something like PKCS#5 v2 or PKCS#12 for PBE would work, but nobody has specified this. >Well, this is one of those issues that if you specifiy/propose some text >for section 5, you might be able to win a consensus from the WG to adopt >it, but absent someone, who wants it, making a substantive proposal and >convincing others, it's not likely to happen! <smile/> Fair enough :) I just wanted to see if it was thought about. I can't say I have the expertise to make a proposal, although if I did, I would specify PBE as specified in PKCS#5 version 2, but I'm not an expert and not aware of advances in PBE "technology." Any takers? Blake Dournaee Toolkit Applications Engineer RSA SecurityReceived on Wednesday, 31 October 2001 17:53:41 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT