- From: <Frederick.Hirsch@nokia.com>
- Date: Thu, 6 Oct 2011 17:53:05 +0000
- To: <mnystrom@microsoft.com>
- CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
I have updated the XML Encryption 1.1 editors draft with this change as agreed on our last teleconference, see http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/att-0007/minutes-2011-10-04.html#item05 regards, Frederick Frederick Hirsch Nokia On Oct 3, 2011, at 10:58 PM, ext Magnus Nystrom wrote: > Responding to myself here, one suggestion that has been made to me off-list is to provide a note on what to do in static-static situations. This may be reasonable and here's a suggestion: > > In Section 5.4.1 of XML Encryption 1.1, change: > > The AlgorithmID, PartyUInfo, PartyVInfo, SuppPubInfo and SuppPrivInfo attributes are as defined in [SP800-56A]. Their presence is optional but AlgorithmID, PartyVInfo and PartyUInfo must be present for applications that need to comply with [SP800-56A]. > > To: > > The AlgorithmID, PartyUInfo, PartyVInfo, SuppPubInfo and SuppPrivInfo attributes are as defined in [SP800-56A]. Their presence is optional but AlgorithmID, PartyVInfo and PartyUInfo must be present for applications that need to comply with [SP800-56A]. Note: The PartyUInfo component shall include a nonce when ConcatKDF is used in conjunction with a static-static Diffie-Hellman (or static-static ECDH) key agreement scheme; see further [SP800-56A]. > > -- Magnus > >> -----Original Message----- >> From: Magnus Nystrom >> Sent: Tuesday, September 27, 2011 8:44 PM >> To: XMLSec WG Public List (public-xmlsec@w3.org) >> Subject: RE: How does one specify the Salt/Nonce for ConcatKDF key derivation >> in XML encryption 1.1 >> >> Hi Pratik, >> In the case of static-static D-H, the nonce shall be part of the PartyUInfo >> element (see NIST 800-56A: "NonceU shall be in the PartyUInfo subfield of >> OtherInfo"). As we state in the document that these attributes are defined in >> 800-56A, I don't think there's a need to make an update here. >> >> Best, >> -- Magnus >> >>>> Resent-From: <public-xmlsec@w3.org> >>>> From: ext Pratik Datta <pratik.datta@oracle.com> >>>> Date: September 19, 2011 4:18:01 PM EDT >>>> To: <public-xmlsec@w3.org> >>>> Subject: How does one specify the Salt/Nonce for ConcatKDF key >>>> derivation in XML encryption 1.1 >>>> >>>> I noticed that the Legacy key derivation function has a <KA-Nonce> >>>> element, >>> PBKDF2 has a <Salt> element, but there is nothing equivalent of this >>> for ConcatKDF. >>>> Is the salt supposed to be part of PartyUInfo , PartyVInfo ? >>>> >>>> >>>> The SP800-56A says this: >>>> ------ >>>> 3.2 PartyUInfo: A bit string containing public information that is >>>> required by the application using this KDF to be contributed by >>>> party U to the key derivation process. At a minimum, PartyUInfo >>>> shall include IDU, the identifier of party U. See the notes below. >>>> >>>> 3.3 PartyVInfo: A bit string containing public information that is >>>> required by the application using this KDF to be contributed by >>>> party V to the key derivation process. At a minimum, PartyVInfo >>>> shall include IDV, the identifier of party V. See the notes below. >>>> ----- >>>> >>>> I am not very clear from this text whether PartyUInfo is supposed >>>> include >>> some random value. >>>> >>>> Without the salt, the derived key will turn out to be same every time. >>>> >>>> >>>> Pratik >>>> >>> > >
Received on Thursday, 6 October 2011 17:56:09 UTC