W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: FW: Re: rsa/oaep

From: jiandong guo <jguo@phaos.com>
Date: Wed, 17 Apr 2002 22:40:00 -0700
Message-ID: <000801c1e69b$7ea44a20$04feabac@vaio>
To: "Tom Gindin" <tgindin@us.ibm.com>
Cc: <xml-encryption@w3.org>, <reagle@w3c.org>
>       Looking at the way this is currently done, it would be more
> consistent to create a second optional element ("ds:MGFDigest") under
> RSA-OAEP with the note in the specification that if this method is omitted
> it is considered as equal to ds:DigestMethod, and that if ds:DigestMethod
> is omitted it is considered as equal to "SHA-1".  Alternatively, we could
> put maxOccurs of ds:DigestMethod as 2, with the interpretation (explicit
in
> the spec) that if both are present the first is the hash algorithm and the
> second the MGF, if one is present it's used for both, and if neither is
> present both are set to "SHA-1".  I can see no reason why ds:DigestMethod
> should not have a "maxOccurs" value.

It is conceptually wrong to put the ds:MGFDigest (or we should use
ds:MGF1Digest) in the same level with ds:DigestMehtod and OAEPParameters.
If we want  flexibility of the hash
function in MGF1, I think we should have a MaskGenerationFunction element
which has its own
URI attribute identifying the algorithm and parameters (in the case of MGF1,
a hash function).
Only in this way we can be consistant with the RSA-OAEP ASN.1 syntax  as
specified in PKCS1 2.0.
But I guess this not what they originally desired. In this case I think the
best we can do is to fix the
Mask Generation Function.

Jiandong
Received on Wednesday, 17 April 2002 22:49:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:03 UTC