- From: Joseph Reagle <reagle@w3.org>
- Date: Fri, 26 Apr 2002 11:23:55 -0400
- To: "Tom Gindin" <tgindin@us.ibm.com>
- Cc: xml-encryption@w3.org
Your dissent is noted as such in the bottom issue in:
http://www.w3.org/Encryption/2001/11/last-call-issues#CandidateREC
On Friday 26 April 2002 07:42, Tom Gindin wrote:
> I wish to document my view that treating the default MGF as
> MGF1(SHA-1) rather than MGF1(DigestMethod) is a mistake, although I
> appear to have been outvoted. The currently posted draft does not make
> clear which interpretation is to be used ("using the mask generator
> function MGF1 specified in RFC 2437"), and the apparent reason for the
> defaulting in PKCS#1 is that it is easiest to default values to a literal
> constant in ASN.1. There is no syntax defined in the draft by which the
> MGF1's digest method can be specified, unlike in PKCS#1. While Don is
> correct that there are no reasons why the DigestMethod and the MGF1's
> digest method must match, the reasons for increasing the range size of
> one apply almost equally strongly to the other, and increases in the
> range size of a digest method are IMO the principal reason for the use of
> an algorithm other than SHA-1 in this context.
> Current implementations which use SHA-1 for both the DigestMethod
> and the MGF's digest method would be unaffected by either interpretation.
> Nobody has stated AFAIK that they have implemented anything other than
> SHA-1 for either digest method.
Received on Friday, 26 April 2002 11:23:58 UTC