- From: Jiandong Guo <jguo@phaos.com>
- Date: Thu, 18 Apr 2002 11:29:26 -0400
- To: Tom Gindin <tgindin@us.ibm.com>
- CC: xml-encryption@w3.org, reagle@w3c.org
Tom Gindin wrote:

> I'm not an expert on XML syntax, but I don't think that requiring
> that the MGF function be SHA-1 (as opposed to defaulting it) is reasonable.
> The primary reason for this is that at some time in the next few years
> SHA-256 (along with SHA-384 and SHA-512) will be standardized, and a few
> years after that one of those will become widely used. Eventually it will
> be more common than SHA-1 because of its larger range size. RIPEMD-160 is
> a less important case.

I agree with you on this. But my concern is how to put the syntax correctly to accommodate it. I guess it was decided early on that MGF stuff (I don't know the history) not be put in the XML schema. The common sense is that if a parameter in an algorithm is not present, then the default should be used if there is one.

>
> By comparison, requiring that the MGF function match the hash
> function is far more reasonable. It isn't necessary, but it seems to be
> the most common practice.
>

If we require this without specifying it in the syntax, we will be in a mess if we want to extend the schema to include the support of any other Mask Generation Function in the future.

Jiandong Guo
Phaos Technology
Received on Thursday, 18 April 2002 11:28:34 UTC
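Added example, not part of the original message or of the draft it discusses: a receiver that applies the SHA-1 default when no MGF parameter is present and otherwise honours an explicit one, with MGF1 itself parameterised by hash. The `MGF` element and its URIs are those of the later XML Encryption 1.1 recommendation; the sample elements and function names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

XENC11 = "http://www.w3.org/2009/xmlenc11#"
# MGF1 identifiers as defined in XML Encryption 1.1 (not in this 2002 thread).
MGF_HASH = {
    XENC11 + "mgf1sha1": "sha1",
    XENC11 + "mgf1sha256": "sha256",
    XENC11 + "mgf1sha384": "sha384",
    XENC11 + "mgf1sha512": "sha512",
}
DEFAULT_MGF_HASH = "sha1"  # used only when the parameter is absent


def mgf_hash_for(encryption_method_xml: str) -> str:
    """Return the MGF1 hash an EncryptionMethod element calls for."""
    root = ET.fromstring(encryption_method_xml)
    mgf = root.find(f"{{{XENC11}}}MGF")
    if mgf is None:
        return DEFAULT_MGF_HASH  # absent parameter: apply the default
    uri = mgf.get("Algorithm")
    if uri not in MGF_HASH:
        # An unknown MGF must be rejected, never silently mapped to the default.
        raise ValueError(f"unsupported MGF: {uri!r}")
    return MGF_HASH[uri]


def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 from PKCS #1: Hash(seed || 4-byte counter) blocks, truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


# Constructed sample elements: one without an MGF child, one with MGF1/SHA-256.
IMPLICIT = (
    '<EncryptionMethod xmlns="http://www.w3.org/2001/04/xmlenc#"'
    ' Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>'
)
EXPLICIT = (
    '<EncryptionMethod xmlns="http://www.w3.org/2001/04/xmlenc#"'
    ' Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">'
    f'<MGF xmlns="{XENC11}" Algorithm="{XENC11}mgf1sha256"/>'
    '</EncryptionMethod>'
)
```

Because the mask depends on the hash, a sender and receiver that resolve the MGF differently produce different OAEP masks and decryption fails, which is why the parameter has to be either stated in the syntax or fixed by a single default.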