Re: FW: Re: rsa/oaep from merlin on 2002-04-08 (xml-encryption@w3.org from April 2002)

From: merlin <merlin@baltimore.ie>
Date: Tue, 09 Apr 2002 00:22:02 +0100
To: reagle@w3.org
Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, xml-encryption@w3.org
Message-Id: <20020408232202.824A843BEA@yog-sothoth.ie.baltimore.com>

Does it need a new namespace? It's just deprecating an old ambiguous
algorithm URI and replacing it with a new, more explicit URI in the same
namespace. We're not changing the schema.

I think that the current text with the old algorithm URI remains vague;
the RSAES-OAEP-ENCRYPT algorithm actually takes *three* parameters;
the hash function, the mask generation function, and the P source
function. We've selected MGF1/SHA-1 and P-specified, so the parameters
to _our_ function are the hash function and P value.

I just personally think that a more explicit algorithm URI would help
clarify things.

Merlin

r/reagle@w3.org/2002.04.08/18:15:45
>On Thursday 07 March 2002 11:04, Eastlake III Donald-LDE008 wrote:
>> I don't have any objection to changing to hyphenated form. But if the
>> algorithms are going to be explicitly represented in the URI, then the
>> algorithm provided for in OAEP to calculate the encoding parameters and
>> which is usually an algorithm which simply uses the constant parameter
>> provided should be represented. So I've attached it changed to
>> rsa-oaep-mgf1-sha1-p in the attached.
>
>I believe [1] now has the text (please confirm). However, with respect to 
>Merlin asking, "This looks good, although would it be too much to ask for 
>it to be called #rsa-oaep-mgf1-sha1?" I fear it would be. 
>
>There are existing implementations using the existing identifier 
>"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p". I fear the change make 
>cause existing instances to fail. If we believe it worthwhile, we can 
>create a new namespace but I expect there would be opposition to that.
>
>[1] 
>http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-RSA-OAE
>P
>new revision: 1.171
>

-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com

Received on Monday, 8 April 2002 19:22:09 UTC