- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Tue, 12 Jun 2001 00:14:30 -0400
- To: "Joseph Ashwood" <jashwood@arcot.com>
- cc: <xml-encryption@w3c.org>, <lde008@dma.isg.mot.com>
If an ARCFOUR key is being derived from a shared secret resulting from
some key agreement method, how do you determine how big a key you
should derive without something like the <KeySize/> element?
Donald
From: "Joseph Ashwood" <jashwood@arcot.com>
Message-ID: <00a701c0f2a5$772da6a0$2a0210ac@livermore>
To: <xml-encryption@w3c.org>,
"Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: <lde008@dma.isg.mot.com>
References: <200106110445.AAA0000049220@torque.pothole.com>
Date: Mon, 11 Jun 2001 11:33:31 -0700
>XML Encryption Algorithms DraftSome comments on the ARCFOUR section (I don't
>have any significant comments on the others).
>
>It is correct that a key can only be used once, but there is a rather
>unofficial standard to place use an IV (in this case it would likely be
>prepended to the ciphertext), and to concatenate this after the key for the
>key schedule (easiest reference is CipherSaber). If we do incorporate an IV
>we would have to define the length of the IV in some way.
>
>The keysize is unnecessary. The key schedule for ARCFOUR is such that any
>key size (up to 2048 bits) is valid, and the method of doing so is well
>documented.
>
>These are relatively minor things, and since ARCFOUR is just there as an
>example it's debatable whether or not we should actually make these
>changes..
> Joe
>
>----- Original Message -----
>From: Donald E. Eastlake 3rd
>To: xml-encryption@w3c.org
>Cc: lde008@dma.isg.mot.com
>Sent: Sunday, June 10, 2001 9:45 PM
>Subject: 3rd try at Algorithms Section
>
>
Received on Tuesday, 12 June 2001 00:17:21 UTC