- From: Joseph Reagle <reagle@w3.org>
- Date: Fri, 12 Oct 2001 20:31:32 -0400
- To: Naveen Kumar Konduru <konduru27@yahoo.com>
- Cc: dsig <w3c-ietf-xmldsig@w3.org>
HMAC-SHA1 is actually to be used as the SignatureAlgorithm (though security concerns prompts us to distinguish between "Signature" and "MAC" in the algorithm characterizations.) Consequently, the key would be identified in KeyInfo. On Monday 08 October 2001 6:49, you wrote: > I have some doubts regarding MAC and HMAC. > I successfully completed sign process using RSA with > SHA1 and DSA with SHA1, but struck up with MAC. Where > can we implement HMAC for signing process. If I am not > wrong HMAC is symmetric key algorihm where key can be > generated randomly or using password, but where can > we place or store session key in signed document. I am > not clear with implementation of MAC and HMAC in > standard document(XML-Signature Syntax and Processing > W3C Candidate Recommendation 19-April-2001).Please > elaborate implementation of HMAC. -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Friday, 12 October 2001 20:31:35 UTC