- From: David Rogers <david.rogers@omtp.org>
- Date: Fri, 14 Nov 2008 15:58:58 -0000
- To: <public-webapps@w3.org>
- Message-ID: <4C83800CE03F754ABA6BA928A6D94A060174476C@exch-be14.exchange.local>
Dear all, In Mark Priestley's absence, he has asked me to forward these questions for discussion within WebApps, with the intention of this group submitting to the XML Digital Signatures group. These questions are in response to the discussions at TPAC: 1. While it is recognised that there is a broad move to elliptic curve techniques, please can you provide an explanation for your recommendation that DSA should not be supported even with 2048 bit keys? Note: We are aware that there is no published specification describing the use of DSA with key lengths over 1024 but there is a NIST draft[1] (publication process due to start before the end of the year). It has also been noted that there are concerns around licensing on elliptic curve technologies. 2. Please can you explain in more detail how you would propose to use the profile element? 3. Similarly, please can you explain how the addition of the timestamp would help with the revocation process? We assume that you require the timestamp to come from a Trusted Timestamp Authority [1] http://csrc.nist.gov/publications/drafts/fips_186-3/Draft-FIPS-186-3%20_ March2006.pdf Thanks, David. David Rogers OMTP Director of External Relations
Received on Friday, 14 November 2008 15:59:36 UTC