Re: Algorithms draft posted

Thanks for updating the algorithms draft Kelvin.

One question -  Did you mean to leave DSAwithSHA1 required?

Required DSAwithSHA1 (DSS)
http://www.w3.org/2000/09/xmldsig# dsa-sha1

or to make it optional (in section 6.1)?

Does earlier text in 4.4.2 suggest that it is no longer required?   
(The change in patent status for RSA since the original XML Signature  
draft could imply a change in this requirement)

regards, Frederick

Frederick Hirsch
Nokia



On Nov 21, 2008, at 4:26 PM, Frederick Hirsch wrote:

>
> Kelvin has made an update to the 1.1 algorithms draft, and has also  
> produced a red-line.
>
> I also suggested a change to the file names so the URLs have changed  
> (sorry):
>
>
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm
>
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/xmldsig-ecc.xsd
>
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm
>
> Thanks very much to Kelvin for completing this quickly.
>
> All - please review before the next call.
>
> regards, Frederick
>
> Frederick Hirsch, Nokia
> Chair XML Security WG
>
>
>
> On Nov 17, 2008, at 6:55 PM, ext Kelvin Yiu wrote:
>
>> FYI I have posted a working draft that incorporates new algorithms  
>> (ECDSA and SHA2) into XMLDSIG. The URLs are not publicly visible  
>> yet and Thomas and Frederick are helping with setting ACLs.
>>
>>  http://www.w3.org/2008/xmlsec/Drafts/xmldsig/XML Signature Syntax  
>> and Processing 1.1 draft.htm
>>  http://www.w3.org/2008/xmlsec/Drafts/xmldsig/xmldsig-core-schema  
>> 1.1.xsd
>>
>> Here is a summary of the changes:
>>
>> 1.  Added a new ECKeyValue element to represent ECC public keys.  
>> The new element is in the ds namespace, but there is a  
>> recommendation to support a small profile of the ECDSAKeyValue  
>> element with named curves in RFC 4050.
>> 2.  Restructured the ExplicitParams element in 4050 to align with  
>> the ASN.1 equivalent definition in ANSI X9.62 and RFC 3279.
>> 3.  Added SHA256, SHA384 and SHA512 to list of digest, signature  
>> and MAC algorithms.
>> 4.  RSA-SHA256 and ECDSA-SHA256 are now REQUIRED
>> 5.  Added a bunch of new references but not done yet.
>>
>>
>> Kelvin
>

Received on Monday, 1 December 2008 16:09:24 UTC