Re: XML DSIG Algorithm URNs

     Brian's point about defining URN's for the new extended SHA's is still
appropriate, even assuming that we include support for MD5 and RSA/MD5.
Should we include RIPEMD-160 (and perhaps RIPEMD-128) as well?  They are
not mandatory to implement, of course.

          Tom Gindin


"Glenn Adams" <gadams@vgi.com>@w3.org on 04/03/2001 08:35:59 PM

Sent by:  w3c-ietf-xmldsig-request@w3.org


To:   "Brian LaMacchia" <bal@microsoft.com>
cc:   <w3c-ietf-xmldsig@w3.org>
Subject:  Re: XML DSIG Algorithm URNs


We are also using SHA-1 (and recommend it as a preference), but need to use
MD5
for compatibility with certain existing practice as well; that is, we have
certain legacy issues we must contend with. It seems to us that XML DSIG
should
recognize the continued use of these legacy algorithms even if they are not
recommended.

Regards,
Glenn

----- Original Message -----
From: "Brian LaMacchia" <bal@microsoft.com>
To: "Glenn Adams" <gadams@vgi.com>
Cc: <w3c-ietf-xmldsig@w3.org>
Sent: Tuesday, April 03, 2001 12:52 PM
Subject: RE: XML DSIG Algorithm URNs


> We didn't define URLs for MD5 because the crypto community has moved
> away from using or recommending MD5 in any new standard over the past
> few years, and thus there wasn't anyone pushing for use of MD5 with
> XMLDSIG.  Why are you specifying use of MD5 in a new standard?
> Shouldn't you be using at least SHA-1?  Along these lines, the request I
> expected to see is for XMLDSIG to specify URLs for SHA-256, SHA-384 and
> SHA-512.
>
> Note: I'm not saying we shouldn't specify an URL for MD5 and
> RSA-MD5-PKCS1v1.5, just questioning your reliance on it in a new
> standard.  However, if we are going to open up the URL list then we
> should definitely add SHA-256, -384 and -512 to the list.
>
> --bal
>
> -----Original Message-----
> From: Glenn Adams [mailto:gadams@vgi.com]
> Sent: Monday, April 02, 2001 6:11 PM
> To: w3c-ietf-xmldsig@w3.org
> Subject: XML DSIG Algorithm URNs
>
>
> The ATSC (Advanced Television Systems Committee) DASE (DTV Application
> Software
> Environment) is expected to normatively reference the XML DSIG
> recommendation (hopefully to be finalized very soon).
>
> It is a requirement of DASE to support MD5 as a message digest algorithm
> as well as MD5 with RSA Encryption as a signature algorithm, and thus we
> need URNs to refer to these algorithms. We note that XML DSIG does not
> presently define a URN for either of these algorithms. Therefore, we
> request that the XML DSIG group add URNs for these algorithms, e.g.,
>
> http://www.w3.org/2000/09/xmldsig#md5
> http://www.w3.org/2000/09/xmldsig#rsa-md5
>
> If XML DSIG doesn't define these, we will have to define our own URNs;
> however, given the very high likelihood of the use of these two
> algorithms, we believe it would be in the best interest of the XML DSIG
> user community to have W3C specify these URNs.
>
> Regards,
> Glenn Adams
> Chair, ATSC T3/S17 DASE Specialist Group
>
>
>

Received on Wednesday, 4 April 2001 00:00:16 UTC