- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Tue, 05 Oct 1999 22:41:20 -0400
- To: w3c-ietf-xmldsig@w3.org
It is part of the requirements to support symmetric keys. In particular, they say "The specification must permit the use of varied digital signature and message authentication codes, such as symmetric and asymmetric authentication schemes as well as dynamic agreement of keying material."

Of course, the Security Considerations section should warn about paying attention to the services provided by the algorithms used as well as their strength. Non-repudiation is not required to be provided by all signatures. The requirements say "Signatures will provide data integrity, authentication, and/or non-repudiatability." Reasonable warnings should be given in the document for all the known plausible misunderstandings and weaknesses.

With DSS the required public key algorithm, you already have SHA1 lying around and the incremental requirement to support HMAC is pretty trivial.

Donald

From: Greg Whitehead <gwhitehead@signio.com>
Resent-Message-Id: <199910052212.SAA00458@www19.w3.org>
Message-ID: <6B962A1EE646D31193270008C7A4BAB5093374@mail.paymentnet.com>
To: w3c-ietf-xmldsig@w3.org
Date: Tue, 5 Oct 1999 15:11:41 -0700
Resent-From: w3c-ietf-xmldsig@w3.org
X-Mailing-List: <w3c-ietf-xmldsig@w3.org> archive/latest/481

>I noticed that HMAC-SHA1 is a REQUIRED algorithm in the core-991001 spec,
>but I don't see where MAC algorithms come up in the core syntax.
>
>If this is carried over from earlier drafts that described an HMAC-SHA1
>"signature" algorithm, then I would vote for removing it. The HMAC-SHA1
>signature algorithm could be described in a separate document if there is
>interest in it. My reluctance to endorse it as a signature algorithm in the
>core spec is that it doesn't offer non-repudiation (the signature verifier
>can trivially forge the signature), and this is a subtle point that might be
>misunderstood by relying parties.
>
>-Greg
>
>--
>Greg Whitehead
>Chief Scientist
>Signio, Inc.
>1600 Bridge Parkway, Suite 201
>Redwood City, CA 94065
>650-622-2250
>650-622-2201 (fax)
>gwhitehead@signio.com
>http://www.signio.com
Received on Tuesday, 5 October 1999 22:41:33 UTC
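
Added example, not part of the original thread or of any XML-DSig draft: a short Python check of which of the services named in the requirements (data integrity, authentication, non-repudiation) an HMAC-SHA1 "signature" provides. The key, the two documents and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the thread).
SHARED_KEY = b"constructed-shared-secret"
ORIGINAL_DOC = b"<Order><Amount>100</Amount></Order>"
ALTERED_DOC = b"<Order><Amount>900</Amount></Order>"


def mac(key: bytes, document: bytes) -> bytes:
    """Compute the HMAC-SHA1 tag over the document bytes."""
    return hmac.new(key, document, hashlib.sha1).digest()


def verify(key: bytes, document: bytes, tag: bytes) -> bool:
    """Check a tag the way any holder of the shared key would."""
    return hmac.compare_digest(mac(key, document), tag)


def service_report() -> dict:
    """Report which security services the MAC gives to a relying party."""
    sender_tag = mac(SHARED_KEY, ORIGINAL_DOC)
    # A party without the key cannot produce a tag that verifies.
    outsider_tag = mac(b"not-the-shared-key", ALTERED_DOC)
    # The verifier holds the same key as the sender, so a tag it computes
    # itself over a different document is indistinguishable from a sender tag.
    verifier_tag = mac(SHARED_KEY, ALTERED_DOC)
    verifier_tag_accepted = verify(SHARED_KEY, ALTERED_DOC, verifier_tag)
    return {
        "genuine_accepted": verify(SHARED_KEY, ORIGINAL_DOC, sender_tag),
        # Integrity: the sender's tag does not cover a modified document.
        "integrity": not verify(SHARED_KEY, ALTERED_DOC, sender_tag),
        # Authentication: only key holders can produce an accepted tag.
        "authentication": not verify(SHARED_KEY, ALTERED_DOC, outsider_tag),
        # Non-repudiation: absent, because a third party shown the key and
        # the tag cannot tell whether the sender or the verifier computed it.
        "non_repudiation": not verifier_tag_accepted,
    }


if __name__ == "__main__":
    for service, provided in service_report().items():
        print(f"{service}: {provided}")
```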