- From: Eric Rescorla <ekr@rtfm.com>
- Date: Thu, 14 Oct 1999 15:00:42 -0700
- To: "Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com>
- cc: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
> OK -- lets put this argument on hold for a while and look at the original > proprosal again. > > 1. If we put the statment in the draft that the only HashAlgorithm > parameter that can be specified with DSA is SHA-1 we can make a future > modification to the following statement. > When DSA is specified, if |q| == 160, the HashAlgorithm MUST be specfied as > SHA-1. If |q| == 320, the HashAlgorithm MUST be specfied as AES-HASH. This > allows for future flexability if needed and specfies both DSA and SHA1 must > be used today. This is provisionally fine with me. I'd like to get a cryptographer's opinion about DSA with |q|!=160, however. I'm not mathematician enough to know that it's strong. > 2. With regards to the RSA parameters, it would appear that the ONLY thing > you are arguing againist is really the new padding algorithm that I > suggested not the parameterization. I am sure that you would allow the > P1363 padding algorithm. (I have not verified it includes the hash name, but > I assume it does.) The fact that I am factorizing out the presentation > should not be an issue with you. Is this correct? Mostly no. However, I'd like to see us come down on only a few different padding algorithms. Is there any reason to support anything other than PKCS-1v1.5 and some OAEP variant? -Ekr
Received on Thursday, 14 October 1999 18:00:53 UTC