- From: Greg Whitehead <gwhitehead@signio.com>
- Date: Tue, 5 Oct 1999 15:11:41 -0700
- To: w3c-ietf-xmldsig@w3.org
I noticed that HMAC-SHA1 is a REQUIRED algorithm in the core-991001 spec, but I don't see where MAC algorithms come up in the core syntax.

If this is carried over from earlier drafts that described an HMAC-SHA1 "signature" algorithm, then I would vote for removing it. The HMAC-SHA1 signature algorithm could be described in a separate document if there is interest in it.

My reluctance to endorse it as a signature algorithm in the core spec is that it doesn't offer non-repudiation (the signature verifier can trivially forge the signature), and this is a subtle point that might be misunderstood by relying parties.

-Greg

--
Greg Whitehead
Chief Scientist
Signio, Inc.
1600 Bridge Parkway, Suite 201
Redwood City, CA 94065
650-622-2250
650-622-2201 (fax)
gwhitehead@signio.com
http://www.signio.com
Received on Tuesday, 5 October 1999 18:12:11 UTC
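The non-repudiation point raised in the message above, as an added example that is not part of the original post: with HMAC-SHA1 the verifier must hold the same key as the signer, so any tag it can check it can also create. The contrast uses a Lamport one-time signature built from hashlib as a stand-in for a public-key signature algorithm; that scheme, the function names and the sample messages are assumptions of this example and do not come from the thread or the draft spec.

```python
import hashlib, hmac, os

def mac_tag(key, msg):
    # HMAC-SHA1: creating and checking a tag use the same shared key.
    return hmac.new(key, msg, hashlib.sha1).digest()

def mac_verify(key, msg, tag):
    return hmac.compare_digest(mac_tag(key, msg), tag)

# Lamport one-time signature over SHA-256, used here only as a small
# stdlib stand-in for a public-key signature (an assumption of this example).
def _h(data):
    return hashlib.sha256(data).digest()

def _bits(msg):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def ots_sign(sk, msg):
    # Reveal one secret preimage per digest bit; the key must never be reused.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def ots_verify(pk, msg, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(_h(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits, sig)))

def demo():
    genuine, altered = b"pay 10 USD", b"pay 1000 USD"  # constructed messages
    key = os.urandom(20)                # shared by signer and verifier
    signer_tag = mac_tag(key, genuine)
    # The verifier needs `key` to check signer_tag, so it can also tag `altered`.
    verifier_tag = mac_tag(key, altered)
    sk, pk = ots_keygen()               # sk stays with the signer, pk is public
    sig = ots_sign(sk, genuine)
    return {
        "genuine_mac_accepted": mac_verify(key, genuine, signer_tag),
        "verifier_made_mac_accepted": mac_verify(key, altered, verifier_tag),
        "genuine_sig_accepted": ots_verify(pk, genuine, sig),
        # The verifier holds only pk and sig; the signature does not carry over.
        "sig_on_altered_accepted": ots_verify(pk, altered, sig),
    }

if __name__ == "__main__":
    print(demo())
```

A third party shown the MAC-tagged messages cannot tell which key holder produced either tag, which is why a valid HMAC authenticates a message between the two parties but does not attribute it to one of them.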