- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Thu, 28 Aug 2008 10:37:59 -0400
- To: "ext Thomas Roessler" <tlr@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XML Security Working Group Issue Tracker <sysbot+tracker@w3.org>, public-xmlsec@w3.org
+1 regards, Frederick Frederick Hirsch Nokia On Aug 28, 2008, at 10:05 AM, ext Thomas Roessler wrote: > > On 2008-08-28 12:09:47 +0000, XML Security Working Group Issue > Tracker wrote: > >> Neither XML DSig or XML Enc supports the concept of derived keys. >> >> There are several cases when this lack of support is an issue. For >> example, when encryption or message authentication is based on >> passwords. Another example is when a master key is all that is shared >> between communicating parties and avoidance of using this master key >> for direct protection is desired. >> >> A separate email will provide an analysis of the use of derived >> keys in some existing WS * specifications, and compare the >> functionality in those specification with an alternative, based >> on a set of requirements. > > On an editorial note, it strikes me that it might be useful to have > a section on algorithm and keying requirements in the requirements > and design document, encompassing both Encryption and Signature. > > -- > Thomas Roessler, W3C <tlr@w3.org> >
Received on Thursday, 28 August 2008 14:39:18 UTC