RE: Comments on 2nd try at Algorithms Section

Thanks for the clarification.  Guess I should have gone back and re-read
the CMS spec.

-----Original Message-----
From: Jim Schaad [mailto:jimsch5@home.com] 
Sent: Wednesday, June 06, 2001 3:53 PM
To: Blair Dillaway; xml-encryption@w3.org
Subject: RE: Comments on 2nd try at Algorithms Section




> -----Original Message-----
> From: xml-encryption-request@w3.org 
> [mailto:xml-encryption-request@w3.org]On Behalf Of Blair Dillaway
> Sent: Wednesday, June 06, 2001 3:14 PM
> To: xml-encryption@w3.org
> Subject: Comments on 2nd try at Algorithms Section
>
>
> > Just catching up on recent postings.  Here are comments on the 2nd 
> > draft Algorithm section.
> >
> > Symmetric Key Wrap
> >
> > As noted earlier by Jim Schaad, the RC2 Key Wrap should be deleted.
> >
> > The remaining algorithms on the list are, however,
> problematic.  If we
> > use the CMS defined key wrap then I believe we must respecify the 
> > encoding to use XML rather than ASN.1.  I am not opposed this being 
> > done given the lack of standardized alternatives in this area.  We 
> > also have a problem in that AES key wrap is not yet
> defined.  Would we
> > be allowed to propose a standard with a required algotihm whose 
> > specification is TBD?  I don't think so.  So how to we clearly state

> > it will become required at some point in the future?
> >
> > There has been some discussion of using a key deriviation algorithm 
> > based on a shared symmetric key.  I'm not opposed to this as an 
> > alternative but would like to see a specific proposal based on a 
> > published standard, or de-facto standard.

Blair - don't confuse key derivation and key wrap.  The CMS key
derivation algorithm uses ASN but the key wrap algorithm does not.

As a side note, I have been informed that the AES key wrap algorithm is
currently expected to be released in July.  (Of course it was originally
expected last December.)

> >
> > Regards,
> > Blair
>

jim

Received on Wednesday, 6 June 2001 19:27:44 UTC