Re: 3rd try at Algorithms Section from Joseph Ashwood on 2001-06-12 (xml-encryption@w3.org from June 2001)

From: Joseph Ashwood <jashwood@arcot.com>
Date: Tue, 12 Jun 2001 14:02:04 -0700
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: <xml-encryption@w3c.org>, <lde008@dma.isg.mot.com>
Message-ID: <04cf01c0f382$f99259f0$2a0210ac@livermore>

ARCFOUR actually expands the key to 256 bytes anyway, just use the shared
secret. But I do see the point there are certain cases where it is somewhat
ambiguous. Having a <KeySize/> element is fine by me.
                                        Joe

----- Original Message -----
From: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
To: "Joseph Ashwood" <jashwood@arcot.com>
Cc: <xml-encryption@w3c.org>; <lde008@dma.isg.mot.com>
Sent: Monday, June 11, 2001 9:14 PM
Subject: Re: 3rd try at Algorithms Section


>
> If an ARCFOUR key is being derived from a shared secret resulting from
> some key agreement method, how do you determine how big a key you
> should derive without something like the <KeySize/> element?
>
> Donald
>
> From:  "Joseph Ashwood" <jashwood@arcot.com>
> Message-ID:  <00a701c0f2a5$772da6a0$2a0210ac@livermore>
> To:  <xml-encryption@w3c.org>,
>             "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
> Cc:  <lde008@dma.isg.mot.com>
> References:  <200106110445.AAA0000049220@torque.pothole.com>
> Date:  Mon, 11 Jun 2001 11:33:31 -0700
>
> >XML Encryption Algorithms DraftSome comments on the ARCFOUR section (I
don't
> >have any significant comments on the others).
> >
> >It is correct that a key can only be used once, but there is a rather
> >unofficial standard to place use an IV (in this case it would likely be
> >prepended to the ciphertext), and to concatenate this after the key for
the
> >key schedule (easiest reference is CipherSaber). If we do incorporate an
IV
> >we would have to define the length of the IV in some way.
> >
> >The keysize is unnecessary. The key schedule for ARCFOUR is such that any
> >key size (up to 2048 bits) is valid, and the method of doing so is well
> >documented.
> >
> >These are relatively minor things, and since ARCFOUR is just there as an
> >example it's debatable whether or not we should actually make these
> >changes..
> >                        Joe
> >
> >----- Original Message -----
> >From: Donald E. Eastlake 3rd
> >To: xml-encryption@w3c.org
> >Cc: lde008@dma.isg.mot.com
> >Sent: Sunday, June 10, 2001 9:45 PM
> >Subject: 3rd try at Algorithms Section
> >
> >
>

Received on Tuesday, 12 June 2001 17:02:46 UTC