- From: Jiandong Guo <jguo@phaos.com>
- Date: Thu, 18 Apr 2002 13:00:00 -0400
- To: reagle@w3.org
- CC: Tom Gindin <tgindin@us.ibm.com>, xml-encryption@w3.org
Joseph Reagle wrote: > On Thursday 18 April 2002 11:29, Jiandong Guo wrote: > > The common sense is that if a parameter in a algorithm is not present, > > then the default should be used if there is one. > > As an aside, I'm likely to oppose this sort of specification as it is > counter to the rest of the spec where if some bit of variable syntax is not > present, the semantic is unkown (application defined) instead of an > implicit (default) semantic. I don't mean we should default anything. But the PKCS1 v2.0 specification put a default value for each parameter of RSA_OAEP so that when it is not present, this default value is supposed to be used. Since we are missing out the MGF element in our syntax, it is natural to assume that we will use their default MGF (which is MGF1SHA1) So if we don't want to create a MGF child element in our schema, there is no reason we should break this requirement. Jiandong Guo Phaos Technology > > > Otherwise, it looks like we have a couple of options: > > 1. (the present scheme): the hash is user specified; mgf is SHA-1. > 2. the hash and mgf is user specified and they are always the same. > 3. the hash and mgf are independently user specified. > > -- > > Joseph Reagle Jr. http://www.w3.org/People/Reagle/ > W3C Policy Analyst mailto:reagle@w3.org > IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ > W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 18 April 2002 12:59:06 UTC