Hi, unfortunaltely, I can't participate in today's telecon, so here my intentions: --On Mittwoch, 30. Januar 2002 14:58 -0500 Joseph Reagle <reagle@w3.org> wrote: > Pending > > 1. Encrypting the IV > Do we encrypt the IV? > > http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0128.html - I do not want to delete plaintext-IV stuff from the spec. - I would like to see to get an OPTIONAL ECB-encrypted-IV for AES and possibly for 3DES. But this depends on WG consensus: If I'm the only person who thinks that this would make sense, then stop it. Then this has to be a proprietary, user-defined mechanism. > 2. Password Derivation > Is Christian's understanding of what a password derivation is > accurate? Do we still wish to not specify this ourselves? > > http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0117.html Here the same: If I'm the only person who things that this would make sense, then stop it. It was only the question if password- or passphrase-based enryption is an issue for others, too. Applications like PGP do completely depend on passwords (user-supplied strings with probably a low entrophy), so if we want something similar (competing?), this could be interesting. Regards and have a nice day, ChristianReceived on Monday, 4 February 2002 06:00:11 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT