- From: Pratik Datta <pratik.datta@oracle.com>
- Date: Wed, 5 Oct 2011 10:38:32 -0700 (PDT)
- To: Frederick.Hirsch@nokia.com, public-xmlsec@w3.org
Frederick, When you said change the URI for RSA-OAEP http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p I assume you mean create a new URI. We obviously cannot get rid of the existing URI for backwards compatibility. For example this is the "Basic128" and "Basic256" encryption algorithm in WS-Security and it is the most popularly used. For OAEPParams, instead of describing it "label", I would go with "PSource specified". In your redline you have "ds:EncryptionMethod" and "ds11:MGF" EncryptionMethod is in "enc" namespaces. We should put MGF in enc11 namespace Pratik -----Original Message----- From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] Sent: Wednesday, October 05, 2011 9:28 AM To: public-xmlsec@w3.org Cc: Frederick.Hirsch@nokia.com Subject: proposed XML Encryption 1.1 changes related to OAEP Attached are Redline and clean roll-ups of proposed changes to XML Encryption 1.1 based on our list and call discussion. Changes: 1. define new optional attribute to EncryptionMethod to convey MGF for OAEP 2. change URI for RSA-OAEP not to assume specific MGF (e.g. decouple to allow change to MGF). This is a significant change to decouple MGF definition from algorithm definition 3. Clarify RSA-OAEP section wording to clarify that digest is specified in DigestMethod Algorithm attribute, MGF in MGF attribute with default of MGF1 with SHA1 if not specified, and Label is optionally in OAEPparams XML element. 4. Incorporated outstanding changes from Scott that were previously agreed but not implemented (I believe) http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0043.html Comment? regards, Frederick Frederick Hirsch Nokia
Received on Wednesday, 5 October 2011 17:39:11 UTC