- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 7 Jul 2009 16:50:36 -0400
- To: ext Kelvin Yiu <kelviny@exchange.microsoft.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Kelvin Have we addressed all of this comment adequately now? We still mention 3072 bit keys but do not require them and it is in the nature of listing all the ones defined. Do you think we are ok now, or should we still consider removing mention of them? http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-DSA regards, Frederick Frederick Hirsch Nokia On Jun 16, 2009, at 11:36 AM, ext Kelvin Yiu wrote: > FIPS 186-3 specifies that DSA can be used with SHA-1, SHA-224, and > SHA-256 based on key sizes. I mis-read Fredrick’s proposal and I > think the revised text already addressed the issue with SHA-384 and > SHA-512. However, there are a couple of issues that needs to be > addressed: > > 1. New URIs are needed for DSA with SHA-224 and SHA-256 > 2. There is a note in FIPS 186-3 at the end of section 4.2 (on > page 16) that basically said a government entity other than a CA > should use only 2048 bit and not 3072 bit. I am not sure if that is > relevant other than perhaps not to make references to 3072 bit keys. > > Thoughts? > > Kelvin >
Received on Tuesday, 7 July 2009 20:51:32 UTC