Re: comments on algorithms draft

Hi Frederick,

thanks for going through this with a fresh pair of eyes.

The changes you propose seem to fall into three categories:

- editorial changes (I got a link or a heading wrong, I forgot a link  
[and I thought I had done the links for the block algorithms...  
sorry], I referenced the wrong spec, and so on)

- calling out recommended status of algorithms

- calling out what specs mention which algorithm as optional to  
implement.

I'll be happy to make the first two classes of changes.

However, I'd prefer to generally not keep track of which spec has  
which algorithm as optional, simply because that's the overall  
default.  (We could be explicit about that default, though.)

The one exception is the DH key agreement algorithm, since it's the  
only algorithm of its kind that's specified (at this point), and  
nevertheless optional.  Usually, we have at least one mandatory to  
implement algorithm per feature.

Likewise, I do not think that the Signature 1.1 needs to include every  
algorithm that's in the Note.

--
Thomas Roessler, W3C  <tlr@w3.org>







On 10 Feb 2009, at 23:43, Frederick Hirsch wrote:

>
> Comments on algorithms draft [1]. I propose we make these changes  
> before First Public Working Draft.
>
> (1) 1st  paragraph in section 3
> Replace "(again, and octet-stream)" with "(an octet stream that is  
> base64 encoded as noted in Section 4.2 of XML SIgnature)"
>
> (2) Section 3.2
> Replace "various variants" with "variants"
>
> (3) Section 3.2, RSA-SHA256
> remove references to dsig and 2nd edition, not applicable in this case
>
> (4) Section 3.2 RSA-SHA384, RSA-SHA512
>
> For each, add note:
> "This algorithm is under consideration as an optional to implement  
> algorithm for a future version of XML Signature."
>
> (5) Section 3.2 RSA-RIPEMD160
>
> This algorithm is not mentioned in the XML Signature 1.1 draft. An  
> issue?
>
> (6) Section 3.3 ECDSA-SHA224
>
> This algorithm is not mentioned in the XML Signature 1.1 draft. An  
> issue?
>
> (7) section 3.3 ECDSAwithSHA384
>
> replace second ECDSAwithSHA384 with ECDSAwithSHA512
>
> (8) section 3.3 ECDSA-SHA1, ECDSAwithSHA384, ECDSAwithSHA512
>
> for each, add note:
> "This algorithm is under consideration as an optional to implement  
> algorithm for a future version of XML Signature."
>
> (9) Section 3.4 HMAC-SHA256
>
> Add
> "This algorithm is under consideration as a recommended to implement  
> algorithm for a future version of XML Signature."
>
> (9) Section 3.4 HMAC-SHA384, HMAC-SHA512
>
> For each, add
> "This algorithm is under consideration as an optional to implement  
> algorithm for a future version of XML Signature."
>
> (10) Section 3.4 HMAC-RIPEMD160
>
> This algorithm is not mentioned in the XML Signature 1.1 draft. An  
> issue?
>
> (11) Section 4.2 SHA-224
>
> This algorithm is not mentioned in the XML Signature 1.1 draft. An  
> issue?
>
> (12)  Section 4.2 SHA-256
>
> Remove xml signature and 2nd edition references.
>
> (13) Section 4.2 SHA-384, SHA-512
>
> For each, add
> "This algorithm is under consideration as an optional to implement  
> algorithm for a future version of XML Signature."
>
> (14) 4.3 RIPEMD-160
>
> Add note:
> "This algorithm is listed as optional to implement in XML Encryption  
> in section 5.7.4.
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RIPEMD-160
> "
>
> (15) 5.1 Triple DES (CBC mode)
> add section and specific link for section:
>
> Section 5.2.1
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-tripledes-cbc
>
> (16) 5.1 AES-128 (CBC mode)
> add section and specific link for section:
>
> Section 5.2.2
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES
>
> (17) 5.1 AES-192 (CBC mode)
> add section and specific link for section:
>
> Section 5.2.2
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES
>
> Add note
> This algorithm is optional to implement in [XMLENC].
>
>
> (18) 5.1 AES-256 (CBC mode)
> add section and specific link for section:
>
> Section 5.2.2
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES
>
> Add note
> This algorithm is optional to implement in [XMLENC].
>
> (19) Section 6, RSA-v1.5
> add section and specific link for section:
>
> Section 5.4.1
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RSA-1_5
>
> (20) Section 6, RSA-OAEP
> add section and specific link for section:
>
> Section 5.4.2
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RSA- 
> OAEP
>
> Add note
> This algorithm is optional to implement in [XMLENC].
>
> (21) Section 7, Diffie Hellman
> add section and specific link for section:
>
> Section 5.5.1
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-DHKeyValue
>
> (22) Section 8, CMS Triple-DES Key Wrap
> add section and specific link for section:
>
> Section 5.6.2
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-tripledes
>
> (23) Section 8, AES Key Wrap 128
> add section and specific link for section:
>
> Section 5.6.3
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes
>
> (24) Section 8, AES Key Wrap 192
> add section and specific link for section:
>
> Section 5.6.3
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes
>
> Add note
> This algorithm is optional to implement in [XMLENC].
>
> (25) Section 8, ES Key Wrap 256
> add section and specific link for section:
>
> Section 5.6.3
> link = http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
> [1] http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html#sec-ripemd160
>

Received on Tuesday, 10 February 2009 23:44:50 UTC