RE: proposed XML Encryption 1.1 changes related to OAEP from Magnus Nystrom on 2011-10-06 (public-xmlsec@w3.org from October 2011)

From: Magnus Nystrom <mnystrom@microsoft.com>
Date: Thu, 6 Oct 2011 06:26:52 +0000
To: Pratik Datta <pratik.datta@oracle.com>, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <D744D68428430B4F9C81DE8A4D59506812180723@TK5EX14MBXW603.wingroup.windeploy.ntde>

Another minor comment: I suggest changing from "This specification specifies that these values are specified as follows: " to: "This recommendation specifies these values as follows:" (for a better read). Other than that, from a quick scan, looks good.


-- Magnus


> -----Original Message-----
> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org]
> On Behalf Of Pratik Datta
> Sent: Wednesday, October 05, 2011 10:39 AM
> To: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
> Subject: RE: proposed XML Encryption 1.1 changes related to OAEP
> 
> Frederick,
> 
> When you said change the URI for RSA-OAEP
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
> I assume you mean create a new URI.  We obviously cannot get rid of the
> existing URI for backwards compatibility. For example this is the "Basic128" and
> "Basic256" encryption algorithm in WS-Security and it is the most popularly
> used.
> 
> For OAEPParams,  instead of describing it "label", I would go with "PSource
> specified".
> 
> In your redline you have "ds:EncryptionMethod" and "ds11:MGF"
>   EncryptionMethod is in "enc" namespaces.  We should put MGF in enc11
> namespace
> 
> 
> Pratik
> 
> -----Original Message-----
> From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
> Sent: Wednesday, October 05, 2011 9:28 AM
> To: public-xmlsec@w3.org
> Cc: Frederick.Hirsch@nokia.com
> Subject: proposed XML Encryption 1.1 changes related to OAEP
> 
> Attached are Redline and clean roll-ups of proposed changes to XML Encryption
> 1.1 based on our list and call discussion.
> 
> Changes:
> 
> 1. define new optional attribute to EncryptionMethod to convey MGF for OAEP
> 
> 2. change URI for RSA-OAEP not to assume specific MGF (e.g. decouple to allow
> change to MGF). This is a significant change to decouple MGF definition from
> algorithm definition
> 
> 3. Clarify RSA-OAEP section wording to clarify that digest is specified in
> DigestMethod Algorithm attribute, MGF in MGF attribute with default of MGF1
> with SHA1 if not specified, and Label is optionally in OAEPparams XML element.
> 
> 4. Incorporated outstanding changes from Scott that were previously agreed but
> not implemented (I believe)
> 
> http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0043.html
> 
> Comment?
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> 
>

Received on Thursday, 6 October 2011 06:27:32 UTC