- From: Magnus Nystrom <mnystrom@microsoft.com>
- Date: Tue, 14 Feb 2012 03:23:24 +0000
- To: "Cantor, Scott" <cantor.2@osu.edu>, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Personally I believe GCM is the better long-term choice; I view RFC 6476 as a pragmatic solution but essentially a stop-gap. I cannot tell if there is the possibility of a timing attack and this alone makes me concerned. Additionally, if XML Sec 1.1 requires GCM I expect to see uptake of that mode. Finally, I'd really (like all of us, I think) like to see this effort reach the goal line and if we keep doing modifications I fear that we'll just move it out even further.

-- Magnus

> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu]
> Sent: Monday, February 13, 2012 4:57 PM
> To: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
> Subject: Re: Last Call for "XML Encryption 1.1", "XML Encryption 1.1
> CipherReference Processing using 2.0 Transforms" to end this Thursday 16
> Feb
>
> On 2/13/12 7:41 PM, "Frederick.Hirsch@nokia.com"
> <Frederick.Hirsch@nokia.com> wrote:
>
> >We have received no comments, other than the typo which Scott noted. If
> >you are aware of any comment, please share on the public list.
>
> My comment suggesting we consider adding a non-GCM MAC+CBC option?
> With or without a key derivation. I can file that formally if I need to.
>
> I'm increasingly convinced this is a critical near term need to solve the CBC
> problem.
>
> -- Scott
Received on Tuesday, 14 February 2012 03:23:57 UTC
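The contrast the thread turns on, as an added Go example that is not code from this message, the working group or any XML Security implementation: bare AES-CBC with PKCS#7 padding, where a modified ciphertext still decrypts without complaint, beside AES-GCM, where any modification fails authentication before a byte of plaintext is returned. The key, IV and nonce are constructed constants for the demonstration only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// Constructed demo key for this example only; real code uses fresh random keys,
// a random IV per CBC message, and never reuses a GCM nonce under one key.
var encKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
var blk, _ = aes.NewCipher(encKey)                       // err is nil for a 32-byte key

// AES-GCM, the authenticated mode XML Encryption 1.1 adds: the tag covers the
// whole ciphertext, so Open fails if any bit was changed in transit.
func gcmSeal(nonce, pt []byte) []byte {
	g, _ := cipher.NewGCM(blk) // err is nil: AES has a 16-byte block
	return g.Seal(nil, nonce, pt, nil)
}

func gcmOpen(nonce, ct []byte) ([]byte, error) {
	g, _ := cipher.NewGCM(blk)
	return g.Open(nil, nonce, ct, nil)
}

// AES-CBC with PKCS#7 padding and no MAC, the construction behind "the CBC
// problem": decryption cannot tell a modified ciphertext from a genuine one.
func cbcEncrypt(iv, pt []byte) []byte {
	n := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, padded)
	return ct
}

func cbcDecrypt(iv, ct []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length is not a block multiple")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(pt, ct)
	n := int(pt[len(pt)-1]) // the only "check" bare CBC has, and it is a padding oracle
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}
```

Flipping one bit of the CBC IV flips the same bit of the first plaintext byte and leaves the padding intact, so cbcDecrypt returns altered plaintext with a nil error; the same flip on GCM ciphertext is rejected outright.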