- From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Date: Fri, 20 Feb 2009 17:33:17 -0500
- To: ext Thomas Roessler <tlr@w3.org>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, ext Brian LaMacchia <bal@exchange.microsoft.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Thanks. I was hoping Magnus and others could review either way, but
this is better if possible.

regards, Frederick

Frederick Hirsch
Nokia

On Feb 20, 2009, at 5:29 PM, ext Thomas Roessler wrote:

> Brian noted that he just implemented what Magnus had proposed. I
> suggest that we leave things as they are for the moment and give
> Magnus a chance -- his autoresponder claims that he'll be back on
> Monday.
>
> (I'll probably take care of most of the publication preparations over
> the week-end, but see no problem delaying dsig-core till Monday.)
>
> --
> Thomas Roessler, W3C <tlr@w3.org>
>
> On 20 Feb 2009, at 23:26, Frederick Hirsch wrote:
>
>>> <Hash Algorithm="http://...">
>>>   <Seed>asdfasdf</Seed>
>> </Hash>
>>
>> seems much clearer than
>>> <Seed Algorithm="http://...">asdfasdf</Seed>
>>
>> So I'd argue against the second choice.
>>
>> Regarding the Hash element, it seems reasonable, but would it
>> introduce any confusion to those familiar with the ASN.1 and looking
>> for similarity? I'd suggest not if we have the appropriate text in
>> the document.
>>
>> Presumably there are no compelling reasons for keeping the two
>> separate?
>>
>> Should we make this change now so that review reflects where we
>> expect to end up?
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>> On Feb 20, 2009, at 5:16 PM, ext Brian LaMacchia wrote:
>>
>>> I'd be OK with either of these alternatives; the current design
>>> follows the layout in X9.62-2005 and draft 1.7 of SEC-1. Earlier
>>> versions of those specs had the seed but not the hash algorithm
>>> identifier, so I suspect the hash was put at the end of the ASN.1
>>> structure so as not to break back-compat. We don't have that
>>> problem here, so we're free to change the format as we see fit.
>>>
>>> --bal
>>>
>>> -----Original Message-----
>>> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org]
>>> On Behalf Of Thomas Roessler
>>> Sent: Friday, February 20, 2009 10:54 PM
>>> To: Brian LaMacchia
>>> Cc: XMLSec WG Public List
>>> Subject: Re: ACTION-219: ECPointType
>>>
>>> On 20 Feb 2009, at 22:49, Brian LaMacchia wrote:
>>>
>>>> The Hash element is an optional element that specifies the hash
>>>> algorithm used to generate the
>>>> elliptic curve E and/or base point G verifiably at random. If the
>>>> Hash element is present then the
>>>> optional Seed element in the Curve element must also be present.
>>>>
>>>> COMMENT 1: I added the second sentence that if you specify the Hash
>>>> element you must also specify the Seed element, because the Hash
>>>> element doesn't make sense without the Seed element (they get used
>>>> together to verify the curve was generated randomly)
>>>
>>> It would seem more in line with the overall style of XML Signature
>>> to put the hash algorithm into an attribute, and the Seed into a
>>> child of Hash. Having the two of them as siblings makes some sense
>>> when there is a default hash algorithm specified.
>>>
>>> So, I'd suggest something like this:
>>>
>>> <Hash Algorithm="http://...">
>>>   <Seed>asdfasdf</Seed>
>>> </Hash>
>>>
>>> ... instead of the current approach.
>>>
>>> Does this make sense, or am I missing something?
>>>
>>> Or would something like...
>>>
>>> <Seed Algorithm="http://...">asdfasdf</Seed>
>>>
>>> make more sense?
>>>
>>
>
Received on Friday, 20 February 2009 22:34:04 UTC
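
An added example, not part of the original thread or of any XML Signature draft: a small reader that extracts the (hash algorithm, seed) pair from each of the three layouts discussed above and enforces the rule quoted in the thread that a Hash element requires a Seed. Assumptions: namespaces are omitted, the sibling layout is modelled as <Hash Algorithm="..."/> next to <Seed> because the thread does not show the current markup, and the algorithm URI is a constructed placeholder since the thread elides it.

```python
import xml.etree.ElementTree as ET

# Constructed placeholder: the thread elides the real URI as "http://...".
ALG = "urn:example:hash-alg"

def seed_binding(curve_xml):
    """Return (hash_algorithm, seed) from a Curve element; either may be None.
    Raises ValueError when Hash is present but no Seed accompanies it."""
    curve = ET.fromstring(curve_xml)
    hash_el = curve.find("Hash")        # direct children of Curve only
    seed_el = curve.find("Seed")
    alg = None
    if hash_el is not None:
        alg = hash_el.get("Algorithm")
        if seed_el is None:
            seed_el = hash_el.find("Seed")   # nested proposal: Seed inside Hash
    elif seed_el is not None:
        alg = seed_el.get("Algorithm")       # proposal: attribute on Seed itself
    seed = (seed_el.text or "").strip() if seed_el is not None else ""
    if hash_el is not None and not seed:
        # A named hash with no seed gives a verifier nothing to recompute.
        raise ValueError("Hash present without Seed")
    return alg, (seed or None)

def violates_rule(curve_xml):
    """True when the document breaks the 'Hash requires Seed' rule."""
    try:
        seed_binding(curve_xml)
        return False
    except ValueError:
        return True

# Constructed sample documents, one per layout plus two edge cases.
SIBLINGS = f'<Curve><Seed>asdfasdf</Seed><Hash Algorithm="{ALG}"/></Curve>'
NESTED = f'<Curve><Hash Algorithm="{ALG}"><Seed>asdfasdf</Seed></Hash></Curve>'
SEED_ATTR = f'<Curve><Seed Algorithm="{ALG}">asdfasdf</Seed></Curve>'
HASH_ONLY = f'<Curve><Hash Algorithm="{ALG}"/></Curve>'
SEED_ONLY = '<Curve><Seed>asdfasdf</Seed></Curve>'

if __name__ == "__main__":
    for name in ("SIBLINGS", "NESTED", "SEED_ATTR", "HASH_ONLY", "SEED_ONLY"):
        doc = globals()[name]
        print(name, "violates rule" if violates_rule(doc) else seed_binding(doc))
```

Only the sibling layout can express a Hash with no Seed anywhere in the document; in the other two the pairing is visible from the structure, provided the schema makes the nested Seed mandatory.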