- From: Magnus Nystrom <mnystrom@microsoft.com>
- Date: Thu, 6 Oct 2011 06:26:52 +0000
- To: Pratik Datta <pratik.datta@oracle.com>, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Another minor comment: I suggest changing from "This specification specifies that these values are specified as follows: " to: "This recommendation specifies these values as follows:" (for a better read). Other than that, from a quick scan, looks good. -- Magnus > -----Original Message----- > From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org] > On Behalf Of Pratik Datta > Sent: Wednesday, October 05, 2011 10:39 AM > To: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org > Subject: RE: proposed XML Encryption 1.1 changes related to OAEP > > Frederick, > > When you said change the URI for RSA-OAEP > http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p > I assume you mean create a new URI. We obviously cannot get rid of the > existing URI for backwards compatibility. For example this is the "Basic128" and > "Basic256" encryption algorithm in WS-Security and it is the most popularly > used. > > For OAEPParams, instead of describing it "label", I would go with "PSource > specified". > > In your redline you have "ds:EncryptionMethod" and "ds11:MGF" > EncryptionMethod is in "enc" namespaces. We should put MGF in enc11 > namespace > > > Pratik > > -----Original Message----- > From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] > Sent: Wednesday, October 05, 2011 9:28 AM > To: public-xmlsec@w3.org > Cc: Frederick.Hirsch@nokia.com > Subject: proposed XML Encryption 1.1 changes related to OAEP > > Attached are Redline and clean roll-ups of proposed changes to XML Encryption > 1.1 based on our list and call discussion. > > Changes: > > 1. define new optional attribute to EncryptionMethod to convey MGF for OAEP > > 2. change URI for RSA-OAEP not to assume specific MGF (e.g. decouple to allow > change to MGF). This is a significant change to decouple MGF definition from > algorithm definition > > 3. Clarify RSA-OAEP section wording to clarify that digest is specified in > DigestMethod Algorithm attribute, MGF in MGF attribute with default of MGF1 > with SHA1 if not specified, and Label is optionally in OAEPparams XML element. > > 4. Incorporated outstanding changes from Scott that were previously agreed but > not implemented (I believe) > > http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0043.html > > Comment? > > regards, Frederick > > Frederick Hirsch > Nokia > > >
Received on Thursday, 6 October 2011 06:27:32 UTC