Re: Fw: Please review: proposed FIPS reference changes for XML Signature, Second Edition from Thomas Roessler on 2008-03-18 (public-xmlsec-maintwg@w3.org from March 2008)

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 18 Mar 2008 14:33:01 +0100
To: Bruce Rich <brich@us.ibm.com>
Cc: public-xmlsec-maintwg@w3.org
Message-ID: <20080318133301.GA885@iCoaster.does-not-exist.org>

This one was supposed to go to the list, not to the admin
address...
-- 
Thomas Roessler, W3C  <tlr@w3.org>





On 2008-03-17 14:24:29 +0000, Bruce Rich wrote:
> From: Bruce Rich <brich@us.ibm.com>
> To: public-xmlsec-maintwg-request@w3.org
> Date: Mon, 17 Mar 2008 14:24:29 +0000
> Subject: Fw: Please review: proposed FIPS reference changes for XML Signature, Second
> 	Edition
> X-Spam-Level: 
> Old-Date: Mon, 17 Mar 2008 09:23:24 -0500
> X-Diagnostic: Already on the subscriber list
> X-Diagnostic:   6 brich@us.ibm.com                   32760 brich@us.ibm.com
> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.6
> 
> IBM complies with FIPS 186-2.  We have not yet verified FIPS 186-3 
> compliance, but do not anticipate issues.
> 
> Bruce A Rich
> brich at-sign us dot ibm dot com
> 
> ----- Forwarded by Bruce Rich/Austin/IBM on 03/14/2008 01:55 PM -----
> 
> public-xmlsec-maintwg-request@w3.org wrote on 03/05/2008 09:51:14 AM:
> 
> > [image removed] 
> > 
> > Please review: proposed FIPS reference changes for XML Signature, 
> > Second Edition
> > 
> > Frederick Hirsch 
> > 
> > to:
> > 
> > XMLSec XMLSec
> > 
> > 03/05/2008 09:56 AM
> > 
> > Sent by:
> > 
> > public-xmlsec-maintwg-request@w3.org
> > 
> > Cc:
> > 
> > Thomas Roessler
> > 
> > 
> > We have two issues related to the FIPS references in the XML 
> > Signature draft
> > 
> > 1. We reference FIPS 186-2 for DSS, with a URI that doesn't exist any 
> > more:
> > 
> >    http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-DSS
> > 
> > Proposal is to update that link from:
> > 
> >    http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf
> > 
> > to:
> > 
> >    http://csrc.nist.gov/publications/fips/fips186-2/fips186-2- 
> > change1.pdf
> > 
> > The change notice section notes a restriction related to  the DSA 
> > modulus, and also changes related to random number generation.
> > 
> > It is important that participants in the XML Signature, Second 
> > Edition WG indicate whether changing this reference is an issue (or 
> > not) for their implementations. Please send a message to the members 
> > list noting whether the reference change is acceptable or not.
> > 
> > 2. We reference FIPS 180-1 for SHA-1:
> > 
> >    http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-SHA-1
> > 
> > (FIPS 180-1 is also linked from section 6.2.1.)
> > 
> > The links we are using for 180-1 are no longer working, and FIPS 
> > 180-1 has been superseded by FIPS 180-2 (with a change notice).
> > 
> > The proposal is to change the normative reference for SHA-1 to FIPS 
> > 180-2.
> > 
> >    http://csrc.nist.gov/publications/fips/fips180-2/ 
> > fips180-2withchangenotice.pdf
> > 
> > The change here seems to be to add additional hash algorithms which 
> > would not impact XML Signature, Second Edition.
> > 
> > (It appears as though a FIPS 180-3 is scheduled for publication some 
> > time soon, which would in turn supersede 180-2.
> > http://csrc.nist.gov/publications/drafts/fips_180-3/ 
> > draft_fips-180-3_June-08-2007.pdf )
> > 
> > Please review these proposed changes  and post any suggestion or 
> > concern  on the public list (or for product/implementation 
> > acceptability or issues  on the members list). We would like to 
> > resolve this issue on the mailing lists this week if possible.
> > 
> > Thanks
> > 
> > regards, Frederick
> > 
> > Frederick Hirsch, Nokia
> > Chair XML Security Specifications Maintenance WG
> > 
> > 
> > 
>

Received on Tuesday, 18 March 2008 13:33:39 UTC