- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 26 Sep 2008 17:50:02 +0200
- To: public-webapps@w3.org
- Cc: public-xmlsec@w3.org
Archiving, with permission of all those involved, and with apologies for having let this turn into a technical discussion off-list. Mark's message (the topmost one) includes a number of interesting design points, that should be further pursued. Regards, -- Thomas Roessler, W3C <tlr@w3.org> Begin forwarded message: > From: "Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com> > Date: 26 September 2008 15:12:28 CEDT > To: "Thomas Roessler" <tlr@w3.org>, "Arthur Barstow" <art.barstow@nokia.com > > > Cc: "ext Marcos Caceres" <marcosscaceres@gmail.com>, "Frederick > Hirsch" <frederick.hirsch@nokia.com>, "Arve Bersvendsen" <arveb@opera.com > > > Subject: RE: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > Apologies for joining the discussion late. > > I'm in agreement with what has been communicated so far. My opinion > would be that support for SHA-256 for Widgets 1.0 would represent the > good choice called for by Thomas. > > In terms of a good idea of how to change from one algorithm to another > at a later point in time, IMHO this is not an easy problem to solve. > The > main problem is supporting legacy devices. This will inevitably mean > that you need to sign all content using both algorithms for the > migration period, which may be quite some while and will be a real > pain. > During this time you'll also need to be able to tell which algorithms > the consuming device supports and send it the right content. Being > able > to update the widget engine OTA will help but can't be relied on. (I'm > sure this is all common knowledge but I thought it was worth repeating > as it's something that will impact Operators particularly acutely) > > My feeling therefore tends to be that it is prudent to mandate support > more than one algorithm as early as possible (although actually in our > case I'm starting to think that mandating support for SHA-1 is of > little > value if we are also planning to mandate support of SHA-256) but I'm > aware that this is not always an attractive proposal from an > implementer > or testers perspective. > > Thanks, > > Mark > > > > > -----Original Message----- > From: Thomas Roessler [mailto:tlr@w3.org] > Sent: 25 September 2008 18:44 > To: Arthur Barstow > Cc: ext Marcos Caceres; Frederick Hirsch; Priestley, Mark, VF-Group; > Arve Bersvendsen > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > I'm not sure that the requirement I gave is one that would lead to > changes to the widget requirements spec -- it's more a general design > principle about using cryptographic algorithms. > > The fundamental point is that you need some useful migration story > from > one hash algorithm to another one. XML Signature has that, since it > identifies all algorithms by URI. So, unless you do something on your > own and just say in the spec "this is the sha-foo hash of the > following > data" without identifying the algorithm in the document, you should be > fine. > > The second point is, again, just the way in which you usually get > interoperability in a space where you have choices: Make some good > choices (maybe just *one* choice) for the purposes of a specific spec, > and be sure you have an idea how to change that later on. > > Hope this clarifies matters, > -- > Thomas Roessler, W3C <tlr@w3.org> > > > > On 25 Sep 2008, at 19:33, Arthur Barstow wrote: > >> Good question. Let's see what the domain experts say. >> >> My take is: >> >> * The first sentence in the current text will need to be updated to >> reflect req #1 from Thomas. >> >> * Regarding Thomas' req #2, perhaps that doesn't need to be an >> explicit requirement but something we need to address in the spec. >> It feels too much like a statement about the usage/deployment of XML >> Signature rather than a high-level req. >> >> -AB >> >> On Sep 25, 2008, at 10:49 AM, ext Marcos Caceres wrote: >> >>> On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote: >>>> totally, yes. >>>> >>>> So there are really two requirements here: >>>> >>>> 1. Do not use sha-256 implicitly, anywhere, so you can change >>>> later on. >>>> 2. Pick a decent set of algorithms. >>>> >>> >>> Does that means that R43. Support for Multiple Message Digest >>> Algorithms needs to be changed? it currently reads: >>> >>> "A conforming specification MUST recommend that where the integrity >>> of >>> data is protected using a message digest, it MUST be possible to use >>> the SHA-1 message digest algorithm or the SHA-256 message digest >>> algorithm. Due to known weaknesses in the SHA-1 algorithm and the >>> expected lifetime of implementations, a conforming specification >>> MUST >>> strongly recommend the use of SHA-256 to ensure that the overall >>> security of the solution is maintained." >>> >>> >>> -- >>> Marcos Caceres >>> http://datadriven.com.au >> > Begin forwarded message: > From: Thomas Roessler <tlr@w3.org> > Date: 25 September 2008 19:43:59 CEDT > To: Arthur Barstow <art.barstow@nokia.com> > Cc: ext Marcos Caceres <marcosscaceres@gmail.com>, "Frederick > Hirsch" <frederick.hirsch@nokia.com>, "Mark Priestley" <Mark.Priestley@vodafone.com > >, "Arve Bersvendsen" <arveb@opera.com> > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > I'm not sure that the requirement I gave is one that would lead to > changes to the widget requirements spec -- it's more a general > design principle about using cryptographic algorithms. > > The fundamental point is that you need some useful migration story > from one hash algorithm to another one. XML Signature has that, > since it identifies all algorithms by URI. So, unless you do > something on your own and just say in the spec "this is the sha-foo > hash of the following data" without identifying the algorithm in the > document, you should be fine. > > The second point is, again, just the way in which you usually get > interoperability in a space where you have choices: Make some good > choices (maybe just *one* choice) for the purposes of a specific > spec, and be sure you have an idea how to change that later on. > > Hope this clarifies matters, > -- > Thomas Roessler, W3C <tlr@w3.org> > > > > On 25 Sep 2008, at 19:33, Arthur Barstow wrote: > >> Good question. Let's see what the domain experts say. >> >> My take is: >> >> * The first sentence in the current text will need to be updated to >> reflect req #1 from Thomas. >> >> * Regarding Thomas' req #2, perhaps that doesn't need to be an >> explicit requirement but something we need to address in the spec. >> It feels too much like a statement about the usage/deployment of >> XML Signature rather than a high-level req. >> >> -AB >> >> On Sep 25, 2008, at 10:49 AM, ext Marcos Caceres wrote: >> >>> On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote: >>>> totally, yes. >>>> >>>> So there are really two requirements here: >>>> >>>> 1. Do not use sha-256 implicitly, anywhere, so you can change >>>> later on. >>>> 2. Pick a decent set of algorithms. >>>> >>> >>> Does that means that R43. Support for Multiple Message Digest >>> Algorithms needs to be changed? it currently reads: >>> >>> "A conforming specification MUST recommend that where the >>> integrity of >>> data is protected using a message digest, it MUST be possible to use >>> the SHA-1 message digest algorithm or the SHA-256 message digest >>> algorithm. Due to known weaknesses in the SHA-1 algorithm and the >>> expected lifetime of implementations, a conforming specification >>> MUST >>> strongly recommend the use of SHA-256 to ensure that the overall >>> security of the solution is maintained." >>> >>> >>> -- >>> Marcos Caceres >>> http://datadriven.com.au >> > Begin forwarded message: > From: Arthur Barstow <art.barstow@nokia.com> > Date: 25 September 2008 19:33:17 CEDT > To: ext Marcos Caceres <marcosscaceres@gmail.com> > Cc: "Thomas Roessler" <tlr@w3.org>, "Frederick Hirsch" <frederick.hirsch@nokia.com > >, "Mark Priestley" <Mark.Priestley@vodafone.com>, "Arve > Bersvendsen" <arveb@opera.com> > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > Good question. Let's see what the domain experts say. > > My take is: > > * The first sentence in the current text will need to be updated to > reflect req #1 from Thomas. > > * Regarding Thomas' req #2, perhaps that doesn't need to be an > explicit requirement but something we need to address in the spec. > It feels too much like a statement about the usage/deployment of XML > Signature rather than a high-level req. > > -AB > > On Sep 25, 2008, at 10:49 AM, ext Marcos Caceres wrote: > >> On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote: >>> totally, yes. >>> >>> So there are really two requirements here: >>> >>> 1. Do not use sha-256 implicitly, anywhere, so you can change >>> later on. >>> 2. Pick a decent set of algorithms. >>> >> >> Does that means that R43. Support for Multiple Message Digest >> Algorithms needs to be changed? it currently reads: >> >> "A conforming specification MUST recommend that where the integrity >> of >> data is protected using a message digest, it MUST be possible to use >> the SHA-1 message digest algorithm or the SHA-256 message digest >> algorithm. Due to known weaknesses in the SHA-1 algorithm and the >> expected lifetime of implementations, a conforming specification MUST >> strongly recommend the use of SHA-256 to ensure that the overall >> security of the solution is maintained." >> >> >> -- >> Marcos Caceres >> http://datadriven.com.au > Begin forwarded message: > From: "Marcos Caceres" <marcosscaceres@gmail.com> > Date: 25 September 2008 16:49:30 CEDT > To: "Thomas Roessler" <tlr@w3.org> > Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>, "Arthur > Barstow" <art.barstow@nokia.com>, "Mark Priestley" <Mark.Priestley@vodafone.com > >, "Arve Bersvendsen" <arveb@opera.com> > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote: >> totally, yes. >> >> So there are really two requirements here: >> >> 1. Do not use sha-256 implicitly, anywhere, so you can change later >> on. >> 2. Pick a decent set of algorithms. >> > > Does that means that R43. Support for Multiple Message Digest > Algorithms needs to be changed? it currently reads: > > "A conforming specification MUST recommend that where the integrity of > data is protected using a message digest, it MUST be possible to use > the SHA-1 message digest algorithm or the SHA-256 message digest > algorithm. Due to known weaknesses in the SHA-1 algorithm and the > expected lifetime of implementations, a conforming specification MUST > strongly recommend the use of SHA-256 to ensure that the overall > security of the solution is maintained." > > > -- > Marcos Caceres > http://datadriven.com.au > Begin forwarded message: > From: Frederick Hirsch <frederick.hirsch@nokia.com> > Date: 25 September 2008 16:07:28 CEDT > To: "ext Thomas Roessler" <tlr@w3.org> > Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au > >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com > > > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > +1 > and maybe picking one algorithm now is simple and the way to go, but > in future a new edition might change the algs > > (e.g. someone is going to have to think about versioning, as usual.) > > regards, Frederick > > Frederick Hirsch > Nokia > > > > On Sep 25, 2008, at 10:06 AM, ext Thomas Roessler wrote: > >> totally, yes. >> >> So there are really two requirements here: >> >> 1. Do not use sha-256 implicitly, anywhere, so you can change later >> on. >> 2. Pick a decent set of algorithms. >> >> -- Thomas Roessler, W3C <tlr@w3.org> >> >> >> >> On 25 Sep 2008, at 16:03, Frederick Hirsch wrote: >> >>> indeed, but the SHA-1 risk is not the last risk we will ever see... >>> >>> regards, Frederick >>> >>> Frederick Hirsch >>> Nokia >>> >>> >>> >>> On Sep 25, 2008, at 9:56 AM, ext Thomas Roessler wrote: >>> >>>> Frederick, >>>> >>>> to your first point, they'll need to agree on some set of >>>> algorithms to get interoperability for widgets, as a platform. >>>> >>>> Regards, >>>> -- >>>> Thomas Roessler, W3C <tlr@w3.org> >>>> >>>> >>>> >>>> On 25 Sep 2008, at 15:52, Frederick Hirsch wrote: >>>> >>>>> one question I have is the following: >>>>> >>>>> XML Signature makes an effort to allow the specification of >>>>> algorithm with the data, thus allowing it to be self-specifying >>>>> and modifiable. Why do you feel a requirement to limit to a >>>>> single algorithm? What happens if you select RSA-SHA256 and then >>>>> a need is seen for SHA-512 or an alternative to RSA due to some >>>>> new attack or weakness? >>>>> >>>>> Why not leverage the flexibility of XML Signature to allow >>>>> different algorithms, along lines of Receiver MUST support RSA- >>>>> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256 >>>>> etc But perhaps I am anticipating WG discussion. >>>>> >>>>> Draft looks good, maybe >>>>> >>>>> s/Anyhow, d/D/ >>>>> #2 s/do/should >>>>> >>>>> Perhaps add #4, is there sense is supporting more than one >>>>> algorithm? >>>>> >>>>> >>>>> regards, Frederick >>>>> >>>>> Frederick Hirsch >>>>> Nokia >>>>> >>>>> >>>>> >>>>> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote: >>>>> >>>>>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. >>>>>> >>>>>> Is this OK? If not, please send suggested changes that will >>>>>> make it OK. >>>>>> >>>>>> FYI, I discussed this impending e-mail with Frederick and he >>>>>> was agreeable to me including him on this Draft email. >>>>>> >>>>>> -Thanks, Art >>>>>> >>>>>> >>>>>> === START DRAFT >>>>>> >>>>>> To: public-xmlsec@w3.org >>>>>> Cc: public-webapps@w3.org >>>>>> Subject: Seeking feedback regarding Widgets Digital Signatures >>>>>> spec >>>>>> >>>>>> Frederick, All, >>>>>> >>>>>> As you may know, the Web Applications WG [WebApps] is working >>>>>> on a Digital Signature specification for "Widgets" (see >>>>>> [Widgets] for a definition of Widget in this context). >>>>>> >>>>>> The FPWD of our Digital Signature spec is at [DigSig-TR] and >>>>>> the latest Editor's Draft is available at [DigSig-ED]. >>>>>> >>>>>> Anyhow, during our August f2f meeting, we discussed what we >>>>>> call Issue #22 - "Is sha1 as a DigestMethod strong enough for >>>>>> Widgets digital signatures?" [Issue-22]. At then end of this >>>>>> discussion [Issue-22-Discuss] I agreed to the following action: >>>>>> >>>>>> [[ >>>>>> Ask the XML Sec WG "what algorithm do you recommend we use and >>>>>> what identifier should we use for it? >>>>>> ]] >>>>>> >>>>>> Our questions are: >>>>>> >>>>>> 1. What (if any) issues do you foresee if we require support >>>>>> for SHA-256 (rather than SHA-1)? >>>>>> >>>>>> 2. What algorithm do we use? >>>>>> >>>>>> 3. What identifier do we use for the algorithm? >>>>>> >>>>>> -Regards, Art Barstow >>>>>> Co-Chair of the WebApps WG >>>>>> >>>>>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> >>>>>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> >>>>>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> >>>>>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> >>>>>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> >>>>>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 >>>>>> > >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> > Begin forwarded message: > From: Thomas Roessler <tlr@w3.org> > Date: 25 September 2008 16:06:09 CEDT > To: Frederick Hirsch <frederick.hirsch@nokia.com> > Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au > >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com > > > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > totally, yes. > > So there are really two requirements here: > > 1. Do not use sha-256 implicitly, anywhere, so you can change later > on. > 2. Pick a decent set of algorithms. > > -- Thomas Roessler, W3C <tlr@w3.org> > > > > On 25 Sep 2008, at 16:03, Frederick Hirsch wrote: > >> indeed, but the SHA-1 risk is not the last risk we will ever see... >> >> regards, Frederick >> >> Frederick Hirsch >> Nokia >> >> >> >> On Sep 25, 2008, at 9:56 AM, ext Thomas Roessler wrote: >> >>> Frederick, >>> >>> to your first point, they'll need to agree on some set of >>> algorithms to get interoperability for widgets, as a platform. >>> >>> Regards, >>> -- >>> Thomas Roessler, W3C <tlr@w3.org> >>> >>> >>> >>> On 25 Sep 2008, at 15:52, Frederick Hirsch wrote: >>> >>>> one question I have is the following: >>>> >>>> XML Signature makes an effort to allow the specification of >>>> algorithm with the data, thus allowing it to be self-specifying >>>> and modifiable. Why do you feel a requirement to limit to a >>>> single algorithm? What happens if you select RSA-SHA256 and then >>>> a need is seen for SHA-512 or an alternative to RSA due to some >>>> new attack or weakness? >>>> >>>> Why not leverage the flexibility of XML Signature to allow >>>> different algorithms, along lines of Receiver MUST support RSA- >>>> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256 >>>> etc But perhaps I am anticipating WG discussion. >>>> >>>> Draft looks good, maybe >>>> >>>> s/Anyhow, d/D/ >>>> #2 s/do/should >>>> >>>> Perhaps add #4, is there sense is supporting more than one >>>> algorithm? >>>> >>>> >>>> regards, Frederick >>>> >>>> Frederick Hirsch >>>> Nokia >>>> >>>> >>>> >>>> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote: >>>> >>>>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. >>>>> >>>>> Is this OK? If not, please send suggested changes that will make >>>>> it OK. >>>>> >>>>> FYI, I discussed this impending e-mail with Frederick and he was >>>>> agreeable to me including him on this Draft email. >>>>> >>>>> -Thanks, Art >>>>> >>>>> >>>>> === START DRAFT >>>>> >>>>> To: public-xmlsec@w3.org >>>>> Cc: public-webapps@w3.org >>>>> Subject: Seeking feedback regarding Widgets Digital Signatures >>>>> spec >>>>> >>>>> Frederick, All, >>>>> >>>>> As you may know, the Web Applications WG [WebApps] is working on >>>>> a Digital Signature specification for "Widgets" (see [Widgets] >>>>> for a definition of Widget in this context). >>>>> >>>>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the >>>>> latest Editor's Draft is available at [DigSig-ED]. >>>>> >>>>> Anyhow, during our August f2f meeting, we discussed what we call >>>>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets >>>>> digital signatures?" [Issue-22]. At then end of this discussion >>>>> [Issue-22-Discuss] I agreed to the following action: >>>>> >>>>> [[ >>>>> Ask the XML Sec WG "what algorithm do you recommend we use and >>>>> what identifier should we use for it? >>>>> ]] >>>>> >>>>> Our questions are: >>>>> >>>>> 1. What (if any) issues do you foresee if we require support for >>>>> SHA-256 (rather than SHA-1)? >>>>> >>>>> 2. What algorithm do we use? >>>>> >>>>> 3. What identifier do we use for the algorithm? >>>>> >>>>> -Regards, Art Barstow >>>>> Co-Chair of the WebApps WG >>>>> >>>>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> >>>>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> >>>>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> >>>>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> >>>>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> >>>>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 >>>>> > >>>>> >>>>> >>>>> >>>> >>> >> > Begin forwarded message: > From: Frederick Hirsch <frederick.hirsch@nokia.com> > Date: 25 September 2008 16:03:27 CEDT > To: "ext Thomas Roessler" <tlr@w3.org> > Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au > >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com > > > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > indeed, but the SHA-1 risk is not the last risk we will ever see... > > regards, Frederick > > Frederick Hirsch > Nokia > > > > On Sep 25, 2008, at 9:56 AM, ext Thomas Roessler wrote: > >> Frederick, >> >> to your first point, they'll need to agree on some set of >> algorithms to get interoperability for widgets, as a platform. >> >> Regards, >> -- >> Thomas Roessler, W3C <tlr@w3.org> >> >> >> >> On 25 Sep 2008, at 15:52, Frederick Hirsch wrote: >> >>> one question I have is the following: >>> >>> XML Signature makes an effort to allow the specification of >>> algorithm with the data, thus allowing it to be self-specifying >>> and modifiable. Why do you feel a requirement to limit to a single >>> algorithm? What happens if you select RSA-SHA256 and then a need >>> is seen for SHA-512 or an alternative to RSA due to some new >>> attack or weakness? >>> >>> Why not leverage the flexibility of XML Signature to allow >>> different algorithms, along lines of Receiver MUST support RSA- >>> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256 >>> etc But perhaps I am anticipating WG discussion. >>> >>> Draft looks good, maybe >>> >>> s/Anyhow, d/D/ >>> #2 s/do/should >>> >>> Perhaps add #4, is there sense is supporting more than one >>> algorithm? >>> >>> >>> regards, Frederick >>> >>> Frederick Hirsch >>> Nokia >>> >>> >>> >>> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote: >>> >>>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. >>>> >>>> Is this OK? If not, please send suggested changes that will make >>>> it OK. >>>> >>>> FYI, I discussed this impending e-mail with Frederick and he was >>>> agreeable to me including him on this Draft email. >>>> >>>> -Thanks, Art >>>> >>>> >>>> === START DRAFT >>>> >>>> To: public-xmlsec@w3.org >>>> Cc: public-webapps@w3.org >>>> Subject: Seeking feedback regarding Widgets Digital Signatures spec >>>> >>>> Frederick, All, >>>> >>>> As you may know, the Web Applications WG [WebApps] is working on >>>> a Digital Signature specification for "Widgets" (see [Widgets] >>>> for a definition of Widget in this context). >>>> >>>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the >>>> latest Editor's Draft is available at [DigSig-ED]. >>>> >>>> Anyhow, during our August f2f meeting, we discussed what we call >>>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets >>>> digital signatures?" [Issue-22]. At then end of this discussion >>>> [Issue-22-Discuss] I agreed to the following action: >>>> >>>> [[ >>>> Ask the XML Sec WG "what algorithm do you recommend we use and >>>> what identifier should we use for it? >>>> ]] >>>> >>>> Our questions are: >>>> >>>> 1. What (if any) issues do you foresee if we require support for >>>> SHA-256 (rather than SHA-1)? >>>> >>>> 2. What algorithm do we use? >>>> >>>> 3. What identifier do we use for the algorithm? >>>> >>>> -Regards, Art Barstow >>>> Co-Chair of the WebApps WG >>>> >>>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> >>>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> >>>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> >>>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> >>>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> >>>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 >>>> > >>>> >>>> >>>> >>> >> > Begin forwarded message: > From: Thomas Roessler <tlr@w3.org> > Date: 25 September 2008 15:56:53 CEDT > To: Frederick Hirsch <frederick.hirsch@nokia.com> > Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au > >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com > > > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > Frederick, > > to your first point, they'll need to agree on some set of algorithms > to get interoperability for widgets, as a platform. > > Regards, > -- > Thomas Roessler, W3C <tlr@w3.org> > > > > On 25 Sep 2008, at 15:52, Frederick Hirsch wrote: > >> one question I have is the following: >> >> XML Signature makes an effort to allow the specification of >> algorithm with the data, thus allowing it to be self-specifying and >> modifiable. Why do you feel a requirement to limit to a single >> algorithm? What happens if you select RSA-SHA256 and then a need is >> seen for SHA-512 or an alternative to RSA due to some new attack or >> weakness? >> >> Why not leverage the flexibility of XML Signature to allow >> different algorithms, along lines of Receiver MUST support RSA- >> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256 etc >> But perhaps I am anticipating WG discussion. >> >> Draft looks good, maybe >> >> s/Anyhow, d/D/ >> #2 s/do/should >> >> Perhaps add #4, is there sense is supporting more than one algorithm? >> >> >> regards, Frederick >> >> Frederick Hirsch >> Nokia >> >> >> >> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote: >> >>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. >>> >>> Is this OK? If not, please send suggested changes that will make >>> it OK. >>> >>> FYI, I discussed this impending e-mail with Frederick and he was >>> agreeable to me including him on this Draft email. >>> >>> -Thanks, Art >>> >>> >>> === START DRAFT >>> >>> To: public-xmlsec@w3.org >>> Cc: public-webapps@w3.org >>> Subject: Seeking feedback regarding Widgets Digital Signatures spec >>> >>> Frederick, All, >>> >>> As you may know, the Web Applications WG [WebApps] is working on a >>> Digital Signature specification for "Widgets" (see [Widgets] for a >>> definition of Widget in this context). >>> >>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the >>> latest Editor's Draft is available at [DigSig-ED]. >>> >>> Anyhow, during our August f2f meeting, we discussed what we call >>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets >>> digital signatures?" [Issue-22]. At then end of this discussion >>> [Issue-22-Discuss] I agreed to the following action: >>> >>> [[ >>> Ask the XML Sec WG "what algorithm do you recommend we use and >>> what identifier should we use for it? >>> ]] >>> >>> Our questions are: >>> >>> 1. What (if any) issues do you foresee if we require support for >>> SHA-256 (rather than SHA-1)? >>> >>> 2. What algorithm do we use? >>> >>> 3. What identifier do we use for the algorithm? >>> >>> -Regards, Art Barstow >>> Co-Chair of the WebApps WG >>> >>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> >>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> >>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> >>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> >>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> >>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 >>> > >>> >>> >>> >> > Begin forwarded message: > From: "Marcos Caceres" <marcosscaceres@gmail.com> > Date: 25 September 2008 15:53:38 CEDT > To: "Arthur Barstow" <art.barstow@nokia.com> > Cc: "Thomas Roessler" <tlr@w3.org>, "Mark Priestley" <Mark.Priestley@vodafone.com > >, "Arve Bersvendsen" <arveb@opera.com>, "Frederick Hirsch" <frederick.hirsch@nokia.com > > > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > Sounds fine to me too. > > On Thu, Sep 25, 2008 at 2:44 PM, Arthur Barstow > <art.barstow@nokia.com> wrote: >> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. >> >> Is this OK? If not, please send suggested changes that will make it >> OK. >> >> FYI, I discussed this impending e-mail with Frederick and he was >> agreeable >> to me including him on this Draft email. >> >> -Thanks, Art >> >> >> === START DRAFT >> >> To: public-xmlsec@w3.org >> Cc: public-webapps@w3.org >> Subject: Seeking feedback regarding Widgets Digital Signatures spec >> >> Frederick, All, >> >> As you may know, the Web Applications WG [WebApps] is working on a >> Digital >> Signature specification for "Widgets" (see [Widgets] for a >> definition of >> Widget in this context). >> >> The FPWD of our Digital Signature spec is at [DigSig-TR] and the >> latest >> Editor's Draft is available at [DigSig-ED]. >> >> Anyhow, during our August f2f meeting, we discussed what we call >> Issue #22 - >> "Is sha1 as a DigestMethod strong enough for Widgets digital >> signatures?" >> [Issue-22]. At then end of this discussion [Issue-22-Discuss] I >> agreed to >> the following action: >> >> [[ >> Ask the XML Sec WG "what algorithm do you recommend we use and what >> identifier should we use for it? >> ]] >> >> Our questions are: >> >> 1. What (if any) issues do you foresee if we require support for >> SHA-256 >> (rather than SHA-1)? >> >> 2. What algorithm do we use? >> >> 3. What identifier do we use for the algorithm? >> >> -Regards, Art Barstow >> Co-Chair of the WebApps WG >> >> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> >> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> >> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> >> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> >> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> >> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 >> > >> >> >> >> > > > > -- > Marcos Caceres > http://datadriven.com.au > Begin forwarded message: > From: Frederick Hirsch <frederick.hirsch@nokia.com> > Date: 25 September 2008 15:52:41 CEDT > To: Arthur Barstow <art.barstow@nokia.com> > Cc: Marcos Caceres <m.caceres@qut.edu.au>, Thomas Roessler > <tlr@w3.org>, Mark Priestley <Mark.Priestley@vodafone.com>, Arve > Bersvendsen <arveb@opera.com> > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > one question I have is the following: > > XML Signature makes an effort to allow the specification of > algorithm with the data, thus allowing it to be self-specifying and > modifiable. Why do you feel a requirement to limit to a single > algorithm? What happens if you select RSA-SHA256 and then a need is > seen for SHA-512 or an alternative to RSA due to some new attack or > weakness? > > Why not leverage the flexibility of XML Signature to allow different > algorithms, along lines of Receiver MUST support RSA-SHA1, RSA- > SHA256 "or better" and Sender MUST support RSA-SHA256 etc But > perhaps I am anticipating WG discussion. > > Draft looks good, maybe > > s/Anyhow, d/D/ > #2 s/do/should > > Perhaps add #4, is there sense is supporting more than one algorithm? > > > regards, Frederick > > Frederick Hirsch > Nokia > > > > On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote: > >> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. >> >> Is this OK? If not, please send suggested changes that will make it >> OK. >> >> FYI, I discussed this impending e-mail with Frederick and he was >> agreeable to me including him on this Draft email. >> >> -Thanks, Art >> >> >> === START DRAFT >> >> To: public-xmlsec@w3.org >> Cc: public-webapps@w3.org >> Subject: Seeking feedback regarding Widgets Digital Signatures spec >> >> Frederick, All, >> >> As you may know, the Web Applications WG [WebApps] is working on a >> Digital Signature specification for "Widgets" (see [Widgets] for a >> definition of Widget in this context). >> >> The FPWD of our Digital Signature spec is at [DigSig-TR] and the >> latest Editor's Draft is available at [DigSig-ED]. >> >> Anyhow, during our August f2f meeting, we discussed what we call >> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets >> digital signatures?" [Issue-22]. At then end of this discussion >> [Issue-22-Discuss] I agreed to the following action: >> >> [[ >> Ask the XML Sec WG "what algorithm do you recommend we use and what >> identifier should we use for it? >> ]] >> >> Our questions are: >> >> 1. What (if any) issues do you foresee if we require support for >> SHA-256 (rather than SHA-1)? >> >> 2. What algorithm do we use? >> >> 3. What identifier do we use for the algorithm? >> >> -Regards, Art Barstow >> Co-Chair of the WebApps WG >> >> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> >> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> >> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> >> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> >> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> >> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 >> > >> >> >> > Begin forwarded message: > From: Thomas Roessler <tlr@w3.org> > Date: 25 September 2008 15:52:02 CEDT > To: Arthur Barstow <art.barstow@nokia.com> > Cc: Marcos Caceres <m.caceres@qut.edu.au>, Mark Priestley <Mark.Priestley@vodafone.com > >, Arve Bersvendsen <arveb@opera.com>, Frederick Hirsch <frederick.hirsch@nokia.com > > > Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > fine with me > -- Thomas Roessler, W3C <tlr@w3.org> > > > > On 25 Sep 2008, at 15:44, Arthur Barstow wrote: > >> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. >> >> Is this OK? If not, please send suggested changes that will make it >> OK. >> >> FYI, I discussed this impending e-mail with Frederick and he was >> agreeable to me including him on this Draft email. >> >> -Thanks, Art >> >> >> === START DRAFT >> >> To: public-xmlsec@w3.org >> Cc: public-webapps@w3.org >> Subject: Seeking feedback regarding Widgets Digital Signatures spec >> >> Frederick, All, >> >> As you may know, the Web Applications WG [WebApps] is working on a >> Digital Signature specification for "Widgets" (see [Widgets] for a >> definition of Widget in this context). >> >> The FPWD of our Digital Signature spec is at [DigSig-TR] and the >> latest Editor's Draft is available at [DigSig-ED]. >> >> Anyhow, during our August f2f meeting, we discussed what we call >> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets >> digital signatures?" [Issue-22]. At then end of this discussion >> [Issue-22-Discuss] I agreed to the following action: >> >> [[ >> Ask the XML Sec WG "what algorithm do you recommend we use and what >> identifier should we use for it? >> ]] >> >> Our questions are: >> >> 1. What (if any) issues do you foresee if we require support for >> SHA-256 (rather than SHA-1)? >> >> 2. What algorithm do we use? >> >> 3. What identifier do we use for the algorithm? >> >> -Regards, Art Barstow >> Co-Chair of the WebApps WG >> >> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> >> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> >> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> >> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> >> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> >> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 >> > >> >> >> > Begin forwarded message: > From: Arthur Barstow <art.barstow@nokia.com> > Date: 25 September 2008 15:44:07 CEDT > To: Marcos Caceres <m.caceres@qut.edu.au>, Thomas Roessler > <tlr@w3.org>, Mark Priestley <Mark.Priestley@vodafone.com>, Arve > Bersvendsen <arveb@opera.com> > Cc: Frederick Hirsch <frederick.hirsch@nokia.com> > Subject: DRAFT: Seeking feedback regarding Widgets Digital > Signatures spec > > Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22. > > Is this OK? If not, please send suggested changes that will make it > OK. > > FYI, I discussed this impending e-mail with Frederick and he was > agreeable to me including him on this Draft email. > > -Thanks, Art > > > === START DRAFT > > To: public-xmlsec@w3.org > Cc: public-webapps@w3.org > Subject: Seeking feedback regarding Widgets Digital Signatures spec > > Frederick, All, > > As you may know, the Web Applications WG [WebApps] is working on a > Digital Signature specification for "Widgets" (see [Widgets] for a > definition of Widget in this context). > > The FPWD of our Digital Signature spec is at [DigSig-TR] and the > latest Editor's Draft is available at [DigSig-ED]. > > Anyhow, during our August f2f meeting, we discussed what we call > Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets > digital signatures?" [Issue-22]. At then end of this discussion > [Issue-22-Discuss] I agreed to the following action: > > [[ > Ask the XML Sec WG "what algorithm do you recommend we use and what > identifier should we use for it? > ]] > > Our questions are: > > 1. What (if any) issues do you foresee if we require support for > SHA-256 (rather than SHA-1)? > > 2. What algorithm do we use? > > 3. What identifier do we use for the algorithm? > > -Regards, Art Barstow > Co-Chair of the WebApps WG > > [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> > [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> > [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> > [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> > [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> > [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 > > > > >
Received on Friday, 26 September 2008 15:50:50 UTC