- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 28 Aug 2008 16:05:06 +0200
- To: XML Security Working Group Issue Tracker <sysbot+tracker@w3.org>
- Cc: public-xmlsec@w3.org
On 2008-08-28 12:09:47 +0000, XML Security Working Group Issue Tracker wrote: > Neither XML DSig or XML Enc supports the concept of derived keys. > > There are several cases when this lack of support is an issue. For > example, when encryption or message authentication is based on > passwords. Another example is when a master key is all that is shared > between communicating parties and avoidance of using this master key > for direct protection is desired. > > A separate email will provide an analysis of the use of derived > keys in some existing WS * specifications, and compare the > functionality in those specification with an alternative, based > on a set of requirements. On an editorial note, it strikes me that it might be useful to have a section on algorithm and keying requirements in the requirements and design document, encompassing both Encryption and Signature. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Thursday, 28 August 2008 14:05:42 UTC