Re: FW: Re: rsa/oaep from Tom Gindin on 2002-04-10 (xml-encryption@w3.org from April 2002)

From: Tom Gindin <tgindin@us.ibm.com>
Date: Wed, 10 Apr 2002 17:23:59 -0400
To: Jiandong Guo <jguo@phaos.com>
Cc: reagle@w3.org, xml-encryption@w3.org
Message-ID: <OFCA55FF9D.B669365B-ON85256B97.006D096F@pok.ibm.com>
      I agree with you about the general issue.  If we're going to define
new URI's for OAEP, we need a naming convention which identifies which
permits distinct hashes and MGF hashes and defines which one is which.  I
propose the following: rsa-oaep-HASH1-mgf1-MGFHASH-p, with HASH1 omitted if
it is the same as MGFHASH.  By the way, the proposed URI is legitimate
under this convention, although it's a simplified case.
      The following text can go into the specification:
"Encryption using RSA-OAEP SHOULD be specified either by a URI with an
ending of the form  rsa-oaep-mgf1-HASH-p, indicating that the function HASH
is used both by MGF1 and as the hash function, or by a URI with an ending
of the form rsa-oaep-HASH1-mgf1-MGFHASH-p, indicating that the function
HASH1 is used as the hash function and the function MGFHASH is used by
MGF1."  We might also point out that
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p is equivalent to
rsa-oaep-mgf1-sha1-p.

            Tom Gindin

Jiandong Guo <jguo@phaos.com>@w3.org on 04/09/2002 11:54:46 AM

Sent by:    xml-encryption-request@w3.org


To:    reagle@w3.org
cc:    xml-encryption@w3.org
Subject:    Re: FW: Re: rsa/oaep


Joseph,

I object to the change of the URI of RSA-OAEP for the following reasons.
First of all, the new URI "rsa-oaep-mgf1-sha1-p" is nearly as vague as the
old one.

You still cannot see clearly if the "sha1" is for the hash function of the
OAEP
encoding
or the hash function to be used in MGF1. The fact is that it is hard to
represent
all the parameters of RSA-OAEP clearly in a single URI. So I really believe
that it
is
enough to make it clear in the text of the recommendation. Secondly, at
this stage,

there are already many exsiting implementations, and considerable effort
has been
expended on interop. This change will cause a lot of confusion and
breakage,
for what is primarily an aesthetic improvement. I don't think it is
worthwhile to
do it.


Jiandong Guo
Phaos Technology
http://www.phaos.com

Joseph Reagle wrote:

> On Monday 08 April 2002 19:22, merlin wrote:
> > Does it need a new namespace? It's just deprecating an old ambiguous
> > algorithm URI and replacing it with a new, more explicit URI in the
same
> > namespace. We're not changing the schema.
>
> I like the new algorithm-ID as well. (For my clarity, do you agree with
the
> URI Donald proposed, with the "-p" on the end?) However, when we are in
CR
> we have an obligation [a] not to cause existing implementations of that
> namespace to break with respect to application behaviour or invalidating
> existing syntax. You're right about the syntax, but we still have an
> obligation to return something if someone looks at the old URI. Either it
> should dereference to something saying it's deprecated, or continue to
> point to an older spec (and not the REC).
>
> [a] http://www.w3.org/1999/10/nsuri
>
> Consequently, I don't think we need to change the namespace of the whole
> spec. I think we have two decent solutions to choose from. (I prefer the
> first, so people know explicitly it is deprecated and it's less
confusing.)
>
> (1) In the spec we say the following is deprecated:
>   http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
> and replaced by
>   http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1-sha1-p
>
> (2) Or we drop the old one from the spec all-together and replace it with
a
> new one (notice the year/month change).
>   http://www.w3.org/2002/03/xmlenc#rsa-oaep-mgf1-sha1-p
>
> I've repsented option 1 in:
>
>
http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-RSA-OAEP

> new revision: 1.172
Received on Thursday, 11 April 2002 07:23:01 UTC