
Re: Please review: proposed FIPS reference changes for XML Signature, Second Edition

From: Pratik Datta <pratik.datta@oracle.com>
Date: Wed, 12 Mar 2008 11:31:50 -0700
Message-ID: <47D82196.4090206@oracle.com>
To: Frederick Hirsch <frederick.hirsch@nokia.com>
CC: XMLSec XMLSec <public-xmlsec-maintwg@w3.org>, Thomas Roessler <tlr@w3.org>

These changes are acceptable for the Oracle implementation.
The Oracle crypto libraries are already compliant with 
fips186-2-change1, and also support the new additional hash algorithms 
in the FIPS 180-2 spec.

Frederick Hirsch wrote:
>
> We have two issues related to the FIPS references in the XML Signature 
> draft:
>
> 1. We reference FIPS 186-2 for DSS, with a URI that doesn't exist any 
> more:
>
>   http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-DSS
>
> Proposal is to update that link from:
>
>   http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf
>
> to:
>
>   http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
>
> The change notice section notes a restriction related to the DSA 
> modulus, and also changes related to random number generation.
>
> It is important that participants in the XML Signature, Second Edition 
> WG indicate whether changing this reference is an issue (or not) for 
> their implementations. Please send a message to the members list 
> noting whether the reference change is acceptable or not.
>
> 2. We reference FIPS 180-1 for SHA-1:
>
>   http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-SHA-1
>
> (FIPS 180-1 is also linked from section 6.2.1.)
>
> The links we are using for 180-1 are no longer working, and FIPS 180-1 
> has been superseded by FIPS 180-2 (with a change notice).
>
> The proposal is to change the normative reference for SHA-1 to FIPS 
> 180-2.
>
>   http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
>
>
> The change here seems to be to add additional hash algorithms which 
> would not impact XML Signature, Second Edition.
>
> (It appears as though a FIPS 180-3 is scheduled for publication some 
> time soon, which would in turn supersede 180-2.
> http://csrc.nist.gov/publications/drafts/fips_180-3/draft_fips-180-3_June-08-2007.pdf 
> )
>
> Please review these proposed changes and post any suggestion or 
> concern on the public list (or for product/implementation 
> acceptability or issues on the members list). We would like to 
> resolve this issue on the mailing lists this week if possible.
>
> Thanks
>
> regards, Frederick
>
> Frederick Hirsch, Nokia
> Chair XML Security Specifications Maintenance WG
>
>
>
Received on Wednesday, 12 March 2008 18:33:53 GMT
