- From: Joseph Reagle <reagle@w3.org>
- Date: Fri, 26 Apr 2002 11:23:55 -0400
- To: "Tom Gindin" <tgindin@us.ibm.com>
- Cc: xml-encryption@w3.org
Your dissent is noted as such in the bottom issue in: http://www.w3.org/Encryption/2001/11/last-call-issues#CandidateREC On Friday 26 April 2002 07:42, Tom Gindin wrote: > I wish to document my view that treating the default MGF as > MGF1(SHA-1) rather than MGF1(DigestMethod) is a mistake, although I > appear to have been outvoted. The currently posted draft does not make > clear which interpretation is to be used ("using the mask generator > function MGF1 specified in RFC 2437"), and the apparent reason for the > defaulting in PKCS#1 is that it is easiest to default values to a literal > constant in ASN.1. There is no syntax defined in the draft by which the > MGF1's digest method can be specified, unlike in PKCS#1. While Don is > correct that there are no reasons why the DigestMethod and the MGF1's > digest method must match, the reasons for increasing the range size of > one apply almost equally strongly to the other, and increases in the > range size of a digest method are IMO the principal reason for the use of > an algorithm other than SHA-1 in this context. > Current implementations which use SHA-1 for both the DigestMethod > and the MGF's digest method would be unaffected by either interpretation. > Nobody has stated AFAIK that they have implemented anything other than > SHA-1 for either digest method.
Received on Friday, 26 April 2002 11:23:58 UTC