Ben Laurie on OpenSSL algorithms (and Elliptic Curve) from Frederick Hirsch on 2009-04-02 (public-xmlsec@w3.org from April 2009)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Thu, 2 Apr 2009 11:13:00 -0400
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <4D5BC767-3DBC-4B0E-8532-0676FB06E5BB@nokia.com>

With Ben Laurie's permission, below is an exchange regarding OpenSSL  
and its support for various algorithms.
regards, Frederick

Frederick Hirsch
Nokia



Begin forwarded message:

> From: "ext Ben Laurie" <benl@google.com>
> Date: January 22, 2009 11:41:37 PM EST
> To: Frederick Hirsch <frederick.hirsch@nokia.com>
> Cc: Arthur Barstow <art.barstow@nokia.com>
> Subject: Re: OpenSSL algorithms (and Elliptic Curve)
>
> On Fri, Jan 23, 2009 at 3:54 AM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
>> Ben
>> I have a question related to OpenSSL that is relevant to the W3C  
>> Widgets
>> work in the Web Applications WG, as well as the W3C XML Security WG.
>>
>> It looks to me, looking at the Open SSL openssl-0.9.8j  
>> distribution, that
>> elliptic curve is included by default. Is that a correct  
>> interpretation?
>
> Yes, I believe so.
>
>> (I
>> assume this is the Sun contribution that was made earlier[1]?)
>> The README appears to be slightly out of date, and I was not able  
>> to find a
>> list of supported algorithms. Do you know if the following  
>> algorithms are
>> included in the latest OpenSSL release?
>
> I think so, but without checking the code I can't be sure, and I'm
> travelling right now. Except DSAwithSHA1, which has always been there.
> I thought (but I could be behind the times) that DSAwithSHA256 had not
> yet been standardised?
>
>> digest
>> SHA-256
>> mac
>> HMAC-SHA256
>> signature
>> RSAwithSHA256
>> ECDSAwithSHA256
>> DSAwithSHA1
>> DSAwithSHA256
>>
>> One reason I ask is that the W3C XML Security WG has 1.1 drafts of  
>> XML
>> Signature [2] and XML Encryption [3] that contain an algorithm  
>> update, and
>> I'd like to understand which of these are already in OpenSSL. This  
>> could
>> also impact widgets adoption.
>> Do you have any comment on the IPR status of elliptic curve as  
>> viewed by
>> OpenSSL?
>
> No, we try to avoid having views on IPR.
>
>> If you have any comment on the XML Signature 1.1 or XML Encryption  
>> 1.1
>> changes, please let me know.
>> Thanks
>> regards, Frederick
>> Frederick Hirsch
>> Nokia
>> [1] http://research.sun.com/projects/crypto/FrequenlyAskedQuestions.html
>> [2] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm#sec-AlgID
>> [3] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview_diff.htm
>>

Received on Thursday, 2 April 2009 15:14:30 UTC