- From: Brian LaMacchia <bal@microsoft.com>
- Date: Tue, 3 Apr 2001 09:52:07 -0700
- To: "Glenn Adams" <gadams@vgi.com>
- Cc: <w3c-ietf-xmldsig@w3.org>
We didn't define URLs for MD5 because the crypto community has moved away from using or recommending MD5 in any new standard over the past few years, and thus there wasn't anyone pushing for use of MD5 with XMLDSIG. Why are you specifying use of MD5 in a new standard? Shouldn't you be using at least SHA-1? Along these lines, the request I expected to see is for XMLDSIG to specify URLs for SHA-256, SHA-384 and SHA-512. Note: I'm not saying we shouldn't specify an URL for MD5 and RSA-MD5-PKCS1v1.5, just questioning your reliance on it in a new standard. However, if we are going to open up the URL list then we should definitely add SHA-256, -384 and -512 to the list. --bal -----Original Message----- From: Glenn Adams [mailto:gadams@vgi.com] Sent: Monday, April 02, 2001 6:11 PM To: w3c-ietf-xmldsig@w3.org Subject: XML DSIG Algorithm URNs The ATSC (Advanced Television Systems Committee) DASE (DTV Application Software Environment) is expected to normatively reference the XML DSIG recommendation (hopefully to be finalized very soon). It is a requirement of DASE to support MD5 as a message digest algorithm as well as MD5 with RSA Encryption as a signature algorithm, and thus we need URNs to refer to these algorithms. We note that XML DSIG does not presently define a URN for either of these algorithms. Therefore, we request that the XML DSIG group add URNs for these algorithms, e.g., http://www.w3.org/2000/09/xmldsig#md5 http://www.w3.org/2000/09/xmldsig#rsa-md5 If XML DSIG doesn't define these, we will have to define our own URNs; however, given the very high likelihood of the use of these two algorithms, we believe it would be in the best interest of the XML DSIG user community to have W3C specify these URNs. Regards, Glenn Adams Chair, ATSC T3/S17 DASE Specialist Group
Received on Tuesday, 3 April 2001 12:52:44 UTC