- From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Date: Thu, 07 May 2009 13:24:01 +0200
- To: Thomas Roessler <tlr@w3.org>
- CC: XMLSec WG Public List <public-xmlsec@w3.org>
- Message-ID: <4A02C4D1.9030605@iaik.tugraz.at>
Thomas Roessler wrote:
> we actually *don't* use the ASN.1 sequence, in other words, we're
> going for the "plain" alternative anyway.

Right, in XMLDSIG all DSA, ECDSA variants concatenate (r||s) and base64 encode it, there is no ASN.1 encoding here.

> That, to me, suggests that we only coin identifiers for the "plain"
> variants of ECDSA-RIPEMD160 (and -whirlpool),

Okay, maybe it's best to ignore the BSI variants and only specify:

URI: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
Specification: #ecdsa-ripemd160 identifies a signature method processed in the same way as specified by the #ecdsa-sha1 with the exception that RIPEMD160 is used instead of SHA-1.

URI: http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool
Specification: #ecdsa-whirlpool fragment identifies a signature method processed in the same way as specified by the #ecdsa-sha512 fragment with the exception that WHIRLPOOL is used instead of SHA-512.

URI: http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool
Specification: #rsa-whirlpool fragment identifies a signature method processed in the same way as specified by the #rsa-sha512 fragment with the exception that WHIRLPOOL is used instead of SHA-512.

This is possible in such brevity because they are in line with what is currently specified in XMLDSIG, so that's all the text needed.

> and don't bother with the non-plain ones.

If we would bother however ...

The problem is that the BSI calls their variant "plain" although it's distinct only by the fact that _the hash value is modulo reduced as opposed to truncated_ (latter as in XMLDSIG, resp. fips-186-2 / fips-186-3 draft resp. X9.62).

So the BSI variant (which they call "plain", should better have called it "not-truncated-hash" or so) is not compatible with X9.62.

For the BSI variant (if we want to cover it) one could write "-non-trunc" instead of "-plain" as this emphasizes the real difference.

http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160-non-trunc
http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool-non-trunc

URI: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160-non-trunc
Specified in: German BSI Technical Guideline TR-03111
<http://www.bsi.bund.de/literat/tr/tr03111/BSI-TR-03111.pdf#page=27>
Note: #ecdsa-ripemd160-non-trunc identifies a signature method processed in the same way as specified by the #ecdsa-ripemd160 fragment. If however the hash length is larger than the domain parameter length the hash is not truncated like in X9.62; rather it is reduced modulo n, the order of the base point G.

URI: http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool-non-trunc
Specified in: German BSI Technical Guideline TR-03111
<http://www.bsi.bund.de/literat/tr/tr03111/BSI-TR-03111.pdf#page=27>
cf. ecdsa-with-Specified where "Specified" is WHIRLPOOL.
The #ecdsa-whirlpool-non-trunc fragment identifies a signature method processed in the same way as specified by the #ecdsa-whirlpool fragment. If however the hash length is larger than the domain parameter length the hash is not truncated like in X9.62; rather it is reduced modulo n, the order of the base point G.

best regards
Konrad

--
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
http://www.iaik.tugraz.at/content/about_iaik/people/lanz_konrad/
http://jce.iaik.tugraz.at/sic/products/xml_security

Download certificate chain (including the EuroPKI root certificate):
http://ca.iaik.tugraz.at/capso/certs.jsp
Received on Thursday, 7 May 2009 11:24:52 UTC
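
Added example (not part of the original message or of any WG text): the two hash-to-integer rules contrasted above, truncation as in X9.62 versus reduction modulo n as the message describes for TR-03111, applied to a digest shorter and a digest longer than n. Assumptions: the curve is NIST P-256, SHA-512 stands in for WHIRLPOOL (not available in Python's hashlib), and all function names and the sample input are hypothetical.

```python
import hashlib

# Order n of the NIST P-256 base point G (curve choice is an assumption of this example).
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def hash_to_int_truncated(digest: bytes, n: int) -> int:
    """X9.62 / FIPS 186 rule: keep only the leftmost bitlen(n) bits of the digest."""
    e = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - n.bit_length()
    return e >> excess if excess > 0 else e


def hash_to_int_reduced(digest: bytes, n: int) -> int:
    """Non-truncating rule as the message describes it: whole digest, reduced mod n."""
    return int.from_bytes(digest, "big") % n


def same_ecdsa_input(digest: bytes, n: int) -> bool:
    """True when both rules feed the same value (mod n) into the signature equation."""
    return hash_to_int_truncated(digest, n) % n == hash_to_int_reduced(digest, n)


# Constructed sample input, standing in for canonicalized SignedInfo octets.
SAMPLE = b"<SignedInfo>constructed sample</SignedInfo>"
SHORT_DIGEST = hashlib.sha1(SAMPLE).digest()    # 160 bits, shorter than n
LONG_DIGEST = hashlib.sha512(SAMPLE).digest()   # 512 bits, stand-in for WHIRLPOOL

if __name__ == "__main__":
    for name, d in (("160-bit", SHORT_DIGEST), ("512-bit", LONG_DIGEST)):
        print(name, "digest, rules agree:", same_ecdsa_input(d, P256_N))
```

The rules only diverge when the digest is longer than n; in that case a verifier applying the other rule computes a different integer and rejects a signature that is valid under the signer's rule, which is why the variants need distinct identifiers.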