For XML Encryption 1.1, we added an ECC Key agreement scheme, ECDH-ES. Can't we also add a Key Transport scheme - like ECIES? However, I think that NIST Suite B does not allow ECIES.

I am thinking of how hard it is to take up ECC in higher-level specs like WS-Security. For encryption there is often an assumption that the data will be encrypted using an <EncryptedKey>, and this EncryptedKey is encrypted with a public key. To do this with elliptic keys, we need a Key Transport mechanism that supports Elliptic Keys. ECDH Key Agreement cannot be used here.

Note: ECDSA signatures can be used in WS-Security with no schema changes. WS-Security uses <BinarySecurityToken> to represent X509 certificates. So this token can also represent ECC X509 certs, and data can be signed using this token. But ECDH KeyAgreement cannot be that easily used in WS-Security - as most encryption scenarios in WS-Security use an EncryptedKey.

Pratik

Received on Wednesday, 20 May 2009 21:36:27 UTC