- From: Brian LaMacchia <bal@exchange.microsoft.com>
- Date: Mon, 1 Dec 2008 09:38:44 -0800
- To: Frederick Hirsch <frederick.hirsch@nokia.com>, Kelvin Yiu <kelviny@exchange.microsoft.com>
- CC: XMLSec WG Public List <public-xmlsec@w3.org>
Well, personally, I'd suggest we change DSAwithSHA1 to Optional, because as originally defined the max DSS key size was 1024 bits with a 160-bit subgroup, which is too small. (I think the most recent FIPS for DSS increased this, but since the RSA patent expired I haven't seen any serious demand for DSS beyond check-box compliance.)

Anyone see a problem with moving DSAwithSHA1 from Required in 1.0 to Optional in 1.1?

--bal

-----Original Message-----
From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org] On Behalf Of Frederick Hirsch
Sent: Monday, December 01, 2008 8:08 AM
To: Kelvin Yiu
Cc: XMLSec WG Public List; Frederick Hirsch
Subject: Re: Algorithms draft posted

Thanks for updating the algorithms draft Kelvin.

One question - Did you mean to leave DSAwithSHA1 required?

    Required DSAwithSHA1 (DSS)
    http://www.w3.org/2000/09/xmldsig#dsa-sha1

or to make it optional (in section 6.1)?

Does earlier text in 4.4.2 suggest that it is no longer required?

(The change in patent status for RSA since the original XML Signature draft could imply a change in this requirement)

regards, Frederick

Frederick Hirsch
Nokia

On Nov 21, 2008, at 4:26 PM, Frederick Hirsch wrote:

>
> Kelvin has made an update to the 1.1 algorithms draft, and has also
> produced a red-line.
>
> I also suggested a change to the file names so the URLs have changed
> (sorry):
>
>
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm
>
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/xmldsig-ecc.xsd
>
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm
>
> Thanks very much to Kelvin for completing this quickly.
>
> All - please review before the next call.
>
> regards, Frederick
>
> Frederick Hirsch, Nokia
> Chair XML Security WG
>
>
>
> On Nov 17, 2008, at 6:55 PM, ext Kelvin Yiu wrote:
>
>> FYI I have posted a working draft that incorporates new algorithms
>> (ECDSA and SHA2) into XMLDSIG. The URLs are not publicly visible
>> yet and Thomas and Frederick are helping with setting ACLs.
>>
>> http://www.w3.org/2008/xmlsec/Drafts/xmldsig/XML Signature Syntax
>> and Processing 1.1 draft.htm
>> http://www.w3.org/2008/xmlsec/Drafts/xmldsig/xmldsig-core-schema
>> 1.1.xsd
>>
>> Here is a summary of the changes:
>>
>> 1. Added a new ECKeyValue element to represent ECC public keys.
>>    The new element is in the ds namespace, but there is a
>>    recommendation to support a small profile of the ECDSAKeyValue
>>    element with named curves in RFC 4050.
>> 2. Restructured the ExplicitParams element in 4050 to align with
>>    the ASN.1 equivalent definition in ANSI X9.62 and RFC 3279.
>> 3. Added SHA256, SHA384 and SHA512 to list of digest, signature
>>    and MAC algorithms.
>> 4. RSA-SHA256 and ECDSA-SHA256 are now REQUIRED
>> 5. Added a bunch of new references but not done yet.
>>
>>
>> Kelvin
>

Received on Monday, 1 December 2008 17:39:29 UTC