Re: updated XML Encryption 1.1 editors draft for 6.1.3 security consideration

Hi Frederick,

thanks for CC'ing us, there are our thoughts.

On 12/03/2012 03:51 PM, Frederick.Hirsch@nokia.com wrote:
>   2.  Implementations using symetric keys should not use the same key material for different algorithms, even if serving the same purpose. Key derivation based on a single key and the algorithm identifier can be used to accomplish this, for example.
>   3.  Implementations that plan to use the same symetric key for both confidentiality and integrity functions should use it as the basis for a key derivation producing different keys for those functions.
We are puzzled what is the difference between these two points.
Is 2. meant to be specifically for AES-CBC / AES-GCM and 3. specifically
for AES-CBC / HMAC ?

If yes, would it be not better readable to summarize 2. and 3. into one
point?
> On a related note, should we define in XML Encryption 1.1 the specific key derivation function to derive a key based on algorithm identifier and key? I'm concerned about what this means for interop and progressing the specification. If we do need this I suggest we might progress it as an independent specification, but am not sure we need to do this. Thoughts?
We think it is necessary to include the key derivation function into the
standard (for interoperability reasons as well as for better understanding).

Thank you
Juraj and Tibor

Received on Tuesday, 4 December 2012 14:25:52 UTC