W3C home > Mailing lists > Public > xml-encryption@w3.org > December 2001

Re: Key Derivation Functions for DH key agreement

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 05 Dec 2001 00:43:32 -0500
Message-Id: <200112050543.AAA0000028131@torque.pothole.com>
To: reagle@w3.org, "Yongge Wang" <ywang@certicom.com>, xml-encryption@w3.org, "Simon Blake-Wilson" <sblakewilson@certicom.com>
Just to be sure no one is surprised later, this change hadn't actually
gotten in but will be in the Section 5 rev I'm about to post.

Donald

From:  Joseph Reagle <reagle@w3.org>
Organization:  W3C
To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>,
            "Yongge Wang" <ywang@certicom.com>, xml-encryption@w3.org,
            "Simon Blake-Wilson" <sblakewilson@certicom.com>
Date:  Tue, 16 Oct 2001 14:18:30 -0400
References:  <200110161417.KAA0000055180@torque.pothole.com>
In-Reply-To:  <200110161417.KAA0000055180@torque.pothole.com>
Message-Id:  <20011016181831.34D50873A1@policy.w3.org>

>Ok, so does anyone object to the change, (it requires a small tweak to an 
>implementation)? If I don't here of any objection by week's end, I'll do 
>the tweak for the next+ draft. (Last Calls are in the hopper for Thursday, 
>and I don't that's enough time to get feedback and do the tweak.)
>
>On Tuesday 16 October 2001 10:17, Donald E. Eastlake 3rd wrote:
>> I don't have a problem with the suggested change.
>>
>> Donald
>>
>> From:  Joseph Reagle <reagle@w3.org>
>> Organization:  W3C
>> To:  "Yongge Wang" <ywang@certicom.com>, xml-encryption@w3.org
>> Date:  Mon, 15 Oct 2001 16:44:44 -0400
>> Cc:  "Simon Blake-Wilson" <sblakewilson@certicom.com>
>> References:  <85256A9A.00510388.00@smtpmail.certicom.com>
>> In-Reply-To:  <85256A9A.00510388.00@smtpmail.certicom.com>
>>
>> >Did anyone ever respond to your email to your satisfaction?
>> >
>> >Also, do you and Simon wish to continue to be listed as participants on
>> > the WG roster? (I generally look if people haven't been active for the
>> > last 6 months and ping them for their continued interest.)
>> >
>> >On Tuesday 31 July 2001 10:45, Yongge Wang wrote:
>> >> Hi,
>> >> I might missed some discussions on this issue. The following comments
>> >> are for the "WG Working Draft 26 June 2001".
>> >>
>> >> In Section 5.5: Key Agreement, there are two functions:
>> >>
>> >> Keying Material = KM(1) | KM(2) | ...
>> >> KM(counter)=DigestAlg(EncryptionAlg | ZZ | counter | Nonce | KeySize)
>> >>
>> >> In ANSI X9.42, ANSI X9.63, and IETF S/MIME, the first function 
>> >> "Keying Material = KM(1) | KM(2) | ..."
>> >> is the same. However, the second function "KM(counter)" is a little
>> >> different from the ANSI and IETF
>> >> one: KM(counter) = H(ZZ||counter||SharedInfo)
>> >> This difference is enough to produce incompatibility with ANSI/IETF
>> >> standards and currently available
>> >> API packages.
>> >>
>> >> Is it possible to change the order of the input to KM so that it will
>> >> look like:
>> >>
>> >> KM(counter) = DigestAlg( ZZ | counter | EncryptionAlg | Nonce |
>> >> KeySize)
>> >>
>> >> Then one can encapsulate "EncryptionAlg | Nonce | KeySize" as the
>> >> SharedInfo and pass it
>> >> to the API package.
>> >>
>> >> Yongge
>> >
>> >--
>> >Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>> >W3C Policy Analyst                mailto:reagle@w3.org
>> >IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
>> >W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
>
>-- 
>Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
>W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
>
Received on Wednesday, 5 December 2001 00:46:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:05 UTC