- From: Jim Schaad <jimsch5@home.com>
- Date: Wed, 13 Jun 2001 12:26:20 -0700
- To: "'Donald E. Eastlake 3rd'" <dee3@torque.pothole.com>, <xml-encryption@w3c.org>
- Cc: <lde008@dma.isg.mot.com>
There are a couple of issues that I still have on this section. 1. I would like to add a paragraph along the following lines: "The working group decided to include the IV as part of the cipher text stream in order to allow for the encryption method parameter to be omitted. Good cryptographic practice requires that a different random IV be used with every block algorithm. If the IV were specified as part of the encryption method, either the IV would have to be implicitly known by the decryptor or the encryption method structure would be required to exist in order to carry the IV." 2. I do not like the fact that a schema has been proposed for EncryptionMethod that provides for an amalgamation of different parameters from various different algorithms. I can see somebody attempting to set the KeySize parameter with 3DES and not getting expected behavior. The values of 112, 128, 168 and 192 are all reasonable values to place into that structure for the uninitiated (and would be logical to include if doing key derivation potentially). I strongly prefer having each algorithm define the parameters it needs in it's namespace. 3. You omitted using most of my comments on DH. KeyInfo is suppose to contain within it one or more methods of retrieving the same key value. The inclusion of the AgreementMethod item violates this principle. The information to do key agreement is part of the DH encryption method and should be placed at that location. jim
Received on Wednesday, 13 June 2001 17:50:01 UTC