- From: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>
- Date: Wed, 5 Dec 2001 14:26:33 -0500
- To: "'reagle@w3.org'" <reagle@w3.org>, xml-encryption <xml-encryption@w3.org>
- Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, Donald E Eastlake 3rd <dee3@torque.pothole.com>
I guess it really makes no difference if the key agreement is a previous on-line, previous off-line, or contemporaneous off-line key derivation. The point is that there isn't any on-line protocol provided by XML DSIG or ENC so creation of the shared secret is not part of the processing they describe.

Donald

-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Wednesday, December 05, 2001 11:42 AM
To: Donald E Eastlake 3rd; xml-encryption
Cc: Donald Eastlake III
Subject: Re: 4 Dec 2001 updated Section 5

On Wednesday 05 December 2001 00:49, Donald E Eastlake 3rd wrote:
> Attached is a further updated section 5. Changes are:

Thanks Don, they are now in:
http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
$Revision: 1.83 $

> (1) While the algorithm table was correct, sections 5.2.2 and 5.6.3
> incorrectly listed AES-192 as REQUIRED and AES-256 as OPTIONAL. It's the
> other way around.

Now that we're in Last Call -> CR transition, does anyone know where we stand on AES key wraps?

> (5) Reordering of the concatenation feed to the specified Digest
> Algorithm to produce keying material from an agreed secret quantity in
> Section 5.5.

Note: XML Encryption does NOT provide an on-line key agreement negotiation protocol. The key agreement structure defined here is only suitable for off-line agreement. Agreement based, for example, on trusted recipient key information obtained previously from some public key infrastructure by the originator. If a key has been agreed to via some previous on-line protocol, it would be more natural to use a KeyName or the like to refer to an agreed name.

How would you define/distinguish a previous online and previous offline method?

--
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Wednesday, 5 December 2001 14:26:36 UTC