Re: FW: Re: rsa/oaep

On Thursday 18 April 2002 11:29, Jiandong Guo wrote:
> The common sense is that if a parameter in a algorithm  is not present,
> then the default should be used if there is one.

As an aside, I'm likely to oppose this sort of specification as it is 
counter to the rest of the spec where if some bit of variable syntax is not 
present, the semantic is unkown (application defined) instead of an 
implicit (default) semantic.

Otherwise, it looks like we have a couple of options:

1. (the present scheme): the hash is user specified; mgf is SHA-1.
2. the hash and mgf is user specified and they are always the same.
3. the hash and mgf are independently user specified.

-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 18 April 2002 11:57:54 UTC