Identifying Non-Standardized Algorithm Names via URI from Forrester, Christopher (CGI Federal) on 2024-04-24 (public-xmlsec@w3.org from April 2024)

From: Forrester, Christopher (CGI Federal) <Christopher.Forrester@cgifederal.com>
Date: Wed, 24 Apr 2024 18:05:37 +0000
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <MW4PR09MB9219A4A4A8337F834E4A307480102@MW4PR09MB9219.namprd09.prod.outlook.com>

Sensitivity Label: Public

Hello,

I was wondering if someone could describe how a system should identify algorithms that have not been officially standardized when used with XML-based cryptography.

For example, if a system intends to utilize DSA with SHA3-256 for digital signature generation or verification, how should this be referenced as a URI for an "Algorithm" attribute?

It is understood that, since the algorithm is NOT considered standardized, the sender and recipient may both be specifically configured to recognize the value. This is more a question of expectations and formality.

Thanks,
Chris Forrester

Proprietary/confidential information belonging to CGI Federal Inc. or its affiliates may be contained in this message. If you are not a recipient indicated or intended in this message (or responsible for the delivery of this message to such person), or if you think for any reason that this message may have been addressed to you in error, you may not use or copy or deliver this message to anyone else. In such case, you should destroy this message and are asked to notify the sender by reply email.

Received on Wednesday, 24 April 2024 21:15:13 UTC