Re: [widgets] Digital Signatures questions for discussion

Hi David and Mark,
Sorry for taking so long to respond. The questions you asked below are
outside my area of expertise. Hopefully either Frederick or Thomas
(CC'd) will be able to answer them quickly.
Kind regards,
Macos

On Fri, Nov 14, 2008 at 3:58 PM, David Rogers <david.rogers@omtp.org> wrote:
> Dear all,
>
>
>
> In Mark Priestley's absence, he has asked me to forward these questions for
> discussion within WebApps, with the intention of this group submitting  to
> the XML Digital Signatures group. These questions are in response to the
> discussions at TPAC:
>
>
>
> 1. While it is recognised that there is a broad move to elliptic curve
> techniques, please can you provide an explanation for your recommendation
> that DSA should not be supported even with 2048 bit keys?
>
>
>
> Note: We are aware that there is no published specification describing the
> use of DSA with key lengths over 1024 but there is a NIST draft[1]
> (publication process due to start before the end of the year). It has also
> been noted that there are concerns around licensing on elliptic curve
> technologies.
>
>
>
> 2. Please can you explain in more detail how you would propose to use the
> profile element?
>
>
>
> 3. Similarly, please can you explain how the addition of the timestamp would
> help with the revocation process? We assume that you require the timestamp
> to come from a Trusted Timestamp Authority
>
>
>
> [1]
> http://csrc.nist.gov/publications/drafts/fips_186-3/Draft-FIPS-186-3%20_March2006.pdf
>
>
>
>
>
> Thanks,
>
>
>
>
>
> David.
>
>
>
> David Rogers
> OMTP Director of External Relations



-- 
Marcos Caceres
http://datadriven.com.au

Received on Wednesday, 3 December 2008 11:27:36 UTC