- From: Cantor, Scott <cantor.2@osu.edu>
- Date: Mon, 3 Oct 2011 21:56:42 +0000
- To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, Magnus Nystrom <mnystrom@microsoft.com>
- CC: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
On 10/3/11 2:23 PM, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com> wrote: > >It looks like XML Encryption 1.1 text and example (not schema) says that >the hash is defined using the XML Algorithm Attribute of the child >EncryptionMethod element but does not allow in *XML* to define the MGF >function, thus fixing it to a specific value. Yet at the same time the >element OAEPParams is supported. I think that's accurate, but I think that the in actual implementation, the OAEPParams string doesn't actually get used to drive hash algorithm selection, since the spec is telling you that DigestMethod is what you use for that. In practice, implementations I've tested against often do not support anything but SHA1. >Proposed change: > >[[ >The RSAES-OAEP-ENCRYPT algorithm, as specified in RFC 3447 [PKCS1], takes >two options to define the hash function and mask generation function, >indicated in the OAEPParams value. By default, the Hash is SHA1 and the >mask generation function is MGF1 with SHA1 (mgf1SHA1Identifier). If no >OAEPparams child is provided, a null string is used. >]] > >remove DigestMethod from example. > >what have implementers been doing here? Will this simplification work? It wouldn't work in my implementation right this moment, which is looking for DigestMethod. I'm assuming you're asking "would this break 1.0 implementations and constitute a change in 1.1". -- Scott
Received on Monday, 3 October 2011 21:57:43 UTC