- From: jiandong guo <jguo@phaos.com>
- Date: Wed, 17 Apr 2002 22:40:00 -0700
- To: "Tom Gindin" <tgindin@us.ibm.com>
- Cc: <xml-encryption@w3.org>, <reagle@w3c.org>
> Looking at the way this is currently done, it would be more
> consistent to create a second optional element ("ds:MGFDigest") under
> RSA-OAEP with the note in the specification that if this method is omitted
> it is considered as equal to ds:DigestMethod, and that if ds:DigestMethod
> is omitted it is considered as equal to "SHA-1". Alternatively, we could
> put maxOccurs of ds:DigestMethod as 2, with the interpretation (explicit in
> the spec) that if both are present the first is the hash algorithm and the
> second the MGF, if one is present it's used for both, and if neither is
> present both are set to "SHA-1". I can see no reason why ds:DigestMethod
> should not have a "maxOccurs" value.
It is conceptually wrong to put the ds:MGFDigest (or we should use
ds:MGF1Digest) at the same level as ds:DigestMethod and OAEPParameters.
If we want flexibility of the hash function in MGF1, I think we should have a
MaskGenerationFunction element which has its own URI attribute identifying the
algorithm and parameters (in the case of MGF1, a hash function).
Only in this way can we be consistent with the RSA-OAEP ASN.1 syntax as
specified in PKCS1 2.0.
But I guess this is not what they originally desired. In this case I think the
best we can do is to fix the Mask Generation Function.
Jiandong
Received on Wednesday, 17 April 2002 22:49:08 UTC
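
The defaulting rules quoted in the message above, as an added example that is not code from the thread or from any specification: a resolver for both quoted alternatives (an optional ds:MGFDigest, or a second ds:DigestMethod), plus MGF1 parameterised by the resolved hash. ds:MGFDigest exists only as the proposal in this thread; `resolve_digests`, `mgf1` and `sample` are hypothetical names, and the sample XML is constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA1 = DS + "sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
HASHES = {SHA1: hashlib.sha1, SHA256: hashlib.sha256}  # explicit allow-list

def resolve_digests(encryption_method_xml):
    """Return (oaep_hash_uri, mgf_hash_uri) under the quoted defaulting rules."""
    # Input here is constructed; parse untrusted XML with a hardened parser.
    em = ET.fromstring(encryption_method_xml)
    digests = [d.get("Algorithm") for d in em.findall(f"{{{DS}}}DigestMethod")]
    mgf = em.find(f"{{{DS}}}MGFDigest")  # element proposed in the thread only
    # Reject combinations the two alternatives leave undefined.
    if len(digests) > 2 or (mgf is not None and len(digests) == 2):
        raise ValueError("ambiguous digest parameters")
    oaep = digests[0] if digests else SHA1      # no DigestMethod -> SHA-1
    if mgf is not None:
        mgf_uri = mgf.get("Algorithm")          # alternative 1: ds:MGFDigest
    elif len(digests) == 2:
        mgf_uri = digests[1]                    # alternative 2: second DigestMethod
    else:
        mgf_uri = oaep                          # omitted -> same as OAEP hash
    for uri in (oaep, mgf_uri):
        if uri not in HASHES:
            raise ValueError(f"unsupported digest: {uri!r}")
    return oaep, mgf_uri

def mgf1(seed, length, hash_uri):
    """MGF1 from PKCS #1: hash(seed || 4-byte counter) blocks, truncated."""
    h = HASHES[hash_uri]
    out, counter = b"", 0
    while len(out) < length:
        out += h(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def sample(children=""):
    """Constructed EncryptionMethod element wrapping the given child markup."""
    return (f'<EncryptionMethod xmlns="http://www.w3.org/2001/04/xmlenc#" '
            f'xmlns:ds="{DS}" '
            f'Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">'
            f'{children}</EncryptionMethod>')
```

Both parties must resolve the same pair, since a mismatch in either hash makes OAEP decoding fail; that is why the resolver rejects undefined combinations instead of guessing.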