- From: merlin <merlin@baltimore.ie>
- Date: Thu, 18 Oct 2001 18:08:35 +0100
- To: Dave Roberts <dave.roberts@saaconsultants.com>
- Cc: dsig <w3c-ietf-xmldsig@w3.org>
Hi Dave, r/dave.roberts@saaconsultants.com/2001.10.18/17:44:40 >On Fri, 12 Oct 2001, Joseph Reagle wrote: >> HMAC-SHA1 is actually to be used as the SignatureAlgorithm (though security >> concerns prompts us to distinguish between "Signature" and "MAC" in the >> algorithm characterizations.) Consequently, the key would be identified in >> KeyInfo. >May I ask what type of KeyInfo would you use? KeyName to identify a shared secret (used in some interop samples). Alternatively, if a KeyAgreement (xmlenc) was used to derive a shared encryption key, the same KeyAgreement could be used to derive an HMAC key as an integrity check. Merlin ----------------------------------------------------------------------------- Baltimore Technologies plc will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. In addition, certain Marketing collateral may be added from time to time to promote Baltimore Technologies products, services, Global e-Security or appearance at trade shows and conferences. This footnote confirms that this email message has been swept by Baltimore MIMEsweeper for Content Security threats, including computer viruses. http://www.baltimore.com
Received on Thursday, 18 October 2001 13:08:41 UTC