- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Fri, 2 Nov 2001 14:59:06 +0900
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, XML Encryption WG <xml-encryption@w3.org>
Donald, >FIPS-81, DES Modes of operations, in Appendix C on CBC with byte data >specified that it is to be padded by placing in the last byte of the >last cblock of input data the number of padding bytes (including this >count byte) and filling remaining pad bytes with anything. I.E., if >there were 5 bytes of data in the last block, these would be left >justified, the bottom byte set to 0x03, and the two bytes between the >data and this "3" byte set to any pad characters. If the data exactly >fills the last block, an additional block is added with 0x08 in the >bottom byte and its remaining 7 bytes filled with any pad character. > >Since this seems to be sort of part of the definition of CBC, would >there be any objection to explicitly specifying this for XML ENC? I studied FIPS-81 and found that the padding method you had pointed is given just as an example. Moreover another padding method is given, which may lead to a misunderstanding. So I believe that we should specify the padding method explicitly or use standard padding methods like the PKCS#5 padding. Thanks, Takeshi IMAMURA Tokyo Research Laboratory IBM Research imamu@jp.ibm.com
Received on Friday, 2 November 2001 00:59:17 UTC