Re: DigestMethod in AgreementMethod

On Wednesday 10 April 2002 13:55, Jiandong Guo wrote:
> The DigestMethod child in the element AgreementMethod is optional.
> Since it is necessary to
> have a digest method specified to compute the shared secret, should we
> also set the default to be SHA1 if
> not provided? This is in parallel with what has been done for RSA-OAEP.

I was going to raise this issue myself (given I owe you a response on the 
identifier issue) but in the opposite direction: I do not like the optional 
SHA1 proposed in the RSA-OAEP text since the Candidate REC. At the start of 
xmldsig we made a, IMHO well founded, decision not to rely upon implicit 
options, or default syntax in the schema DTD. We erred on the side of 
explicitness: if a bit of syntax wasn't there, then the meaning was known 
to the applications or to no one at all. 

We could assign a default semantic to nearly every bit of syntax, but 
for better or worse, xmldsig and xenc went the explicit route and I don't 
want to start creating exceptions now.


-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Wednesday, 10 April 2002 14:50:16 UTC
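
The explicit reading argued for in this message, as an added example that is not part of the original thread or of any W3C code: a receiver takes the digest algorithm for an xenc:AgreementMethod only from a ds:DigestMethod child or from a value the application supplies itself, and never falls back to SHA1. The function name, the known_to_application parameter and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
SHA1 = DS + "sha1"

# Constructed sample documents (not taken from the thread).
_HEAD = (f'<xenc:AgreementMethod xmlns:xenc="{XENC}" xmlns:ds="{DS}" '
         f'Algorithm="{XENC}dh">')
WITH_DIGEST = _HEAD + f'<ds:DigestMethod Algorithm="{SHA1}"/></xenc:AgreementMethod>'
WITHOUT_DIGEST = _HEAD + '<xenc:KA-Nonce>Zm9v</xenc:KA-Nonce></xenc:AgreementMethod>'


class MissingDigestMethod(ValueError):
    """AgreementMethod had no ds:DigestMethod and the caller supplied none."""


def agreement_digest(xml_text, known_to_application=None):
    """Return the digest algorithm URI to use for an xenc:AgreementMethod.

    The URI comes from an explicit ds:DigestMethod child, or from a value
    the application already knows out of band. There is no implicit default.
    """
    # ElementTree is fine for these trusted samples; untrusted input needs
    # a hardened parser in front of it.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{XENC}}}AgreementMethod":
        raise ValueError("not an xenc:AgreementMethod element")

    digests = root.findall(f"{{{DS}}}DigestMethod")
    if len(digests) > 1:
        raise ValueError("more than one ds:DigestMethod")
    if digests:
        uri = digests[0].get("Algorithm")
        if not uri:
            raise ValueError("ds:DigestMethod without an Algorithm attribute")
        return uri

    # Syntax absent: the meaning is known to the application or to no one.
    if known_to_application is not None:
        return known_to_application
    raise MissingDigestMethod("no ds:DigestMethod and no application value")


if __name__ == "__main__":
    print(agreement_digest(WITH_DIGEST))
```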