W3C home > Mailing lists > Public > xml-encryption@w3.org > December 2001

Re: 4 Dec 2001 updated Section 5

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 05 Dec 2001 21:11:32 -0500
Message-Id: <200112060211.VAA0000030615@torque.pothole.com>
To: reagle@w3.org
cc: Donald E Eastlake 3rd <Donald.Eastlake@motorola.com>, xml-encryption <xml-encryption@w3.org>

I don't know about key wrap, but I just found out that AES has finally
become an official FIPS. References to the draft FIPS should be
changed to http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
or the like.

Donald

From:  Joseph Reagle <reagle@w3.org>
Organization:  W3C
To:  Donald E Eastlake 3rd <dee3@torque.pothole.com>,
            xml-encryption <xml-encryption@w3.org>
Date:  Wed, 5 Dec 2001 11:41:53 -0500
Cc:  lde008@email.mot.com
References:  <3C0DB569.2040807@torque.pothole.com>
In-Reply-To:  <3C0DB569.2040807@torque.pothole.com>
Message-Id:  <20011205164154.5EA131072@policy.w3.org>

>On Wednesday 05 December 2001 00:49, Donald E Eastlake 3rd wrote:
>> Attached is a further updated section 5.  Changes are:
>
>Thanks Don, they are now in:
> http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/  
> $Revision: 1.83 $ 
>
>> (1) While the algorithm table was correct, sections 5.2.2 and 5.6.3
>> incorreclty listed AES-192 as REQUIRED and AES-256 as OPTIONAL. It's the
>> other way around.
>
>Now that were in Last Call -> CR transition, does anyone know where we 
>stand on AES key wraps?
>
>> (5) Reordering of the concatenation feed to the specified Digest
>> Algorithm to producing keying material from an agreed secret quantity in
>> Sedtion 5.5.
>
>Note: XML Encryption does NOT provide an on-line key agreement negotiation 
>protocol. The key agreement structure defined here is only suitable for 
>off-line agreement. Agreement based, for example, on trusted recipient key 
>information obtained previously from some public key infrastructure by the 
>originator. If a key has been agreed to via some previous on-line protocol, 
>it would be more natural to use a KeyName or the like to refer to an agreed 
>name. 
>
>How would you define/distinguish a previous online and previous offline 
>method?
>
>-- 
>
>Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
>W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
>
Received on Wednesday, 5 December 2001 21:14:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:05 UTC