Re: Algorithm Selections

Joseph M. Reagle Jr., <reagle@w3.org>, writes:

> In the XML context, our goal is quick/easy interop by specifying an absolute 
> minimum that takes advantage of likely/exiting deployment, no IPR problems, 
> and a minimal amount of work that we'd have to co-opt with respect to 
> providing identifiers and keywraps. (Like xmldsig, the only requirement is 
> for a simple DSAKeyValue. Everything else could have been skipped). Anything 
> else must be specified under an external algorithm-identifier and namespace.

This depends on what you consider the goal of XML security.

From the XML perspective, you want to add security features to XML
documents: the ability to sign and encrypt them.  From this perspective,
providing a single key type and algorithm type is adequate.

From the security perspective, there exist deployed keys and PKIs
and there is a desire to extend the functionality of this existing
infrastructure to be able to secure XML documents.  From this perspective,
it is desirable to make sure that existing keys are supported by the
XML security specs.

Continuing this perspective, it is less important that a wide range
of symmetric encryption algorithms and hash algorithms are supported.
Existing keys can generally be used with standard algorithms like 3DES
and SHA.  However it is important that existing public keys, deployed
and in widespread use, are able to be used with XML security just as
they are in other areas of security.

Hal Finney

Received on Friday, 1 December 2000 17:05:57 UTC