W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: FW: Re: rsa/oaep

From: Joseph Reagle <reagle@w3.org>
Date: Fri, 26 Apr 2002 11:23:55 -0400
Message-Id: <200204261523.LAA24741@tux.w3.org>
To: "Tom Gindin" <tgindin@us.ibm.com>
Cc: xml-encryption@w3.org
Your dissent is noted as such in the bottom issue in:
  http://www.w3.org/Encryption/2001/11/last-call-issues#CandidateREC

On Friday 26 April 2002 07:42, Tom Gindin wrote:
>       I wish to document my view that treating the default MGF as
> MGF1(SHA-1) rather than MGF1(DigestMethod) is a mistake, although I
> appear to have been outvoted.  The currently posted draft does not make
> clear which interpretation is to be used ("using the mask generator
> function MGF1 specified in RFC 2437"), and the apparent reason for the
> defaulting in PKCS#1 is that it is easiest to default values to a literal
> constant in ASN.1.  There is no syntax defined in the draft by which the
> MGF1's digest method can be specified, unlike in PKCS#1.  While Don is
> correct that there are no reasons why the DigestMethod and the MGF1's
> digest method must match, the reasons for increasing the range size of
> one apply almost equally strongly to the other, and increases in the
> range size of a digest method are IMO the principal reason for the use of
> an algorithm other than SHA-1 in this context.
>       Current implementations which use SHA-1 for both the DigestMethod
> and the MGF's digest method would be unaffected by either interpretation.
> Nobody has stated AFAIK that they have implemented anything other than
> SHA-1 for either digest method.
Received on Friday, 26 April 2002 11:23:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:21 GMT