- From: Hal Lockhart <hal.lockhart@oracle.com>
- Date: Thu, 21 Jun 2012 14:41:49 -0700 (PDT)
- To: public-xmlsec@w3.org
Received on Thursday, 21 June 2012 21:42:22 UTC
First I need to amend what I said on the call. On the call I was concerned that XML Signature did not unambiguously state what part of the hash value was to be truncated. I now see that the HMAC sections of XML Signature all reference RFC 2104. Section 5 of RFC 2104 says in part: "... by outputting the t leftmost bits of the HMAC computation ..." This seems unambiguous and thus I don't think we need to change XML Signature. I have attached a proposed new section for the Best Practices doc in approximately the right format rendered in word format. Hal
Received on Thursday, 21 June 2012 21:42:22 UTC