Re: Editorial Details before publishing REC from Donald Eastlake 3rd on 2002-12-03 (xml-encryption@w3.org from December 2002)

From: Donald Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 3 Dec 2002 08:15:05 -0500 (EST)
To: xml-encryption@w3.org
Message-ID: <Pine.LNX.4.44.0212030759160.11792-100000@netbusters.com>

I'm generally in agreement with Tom. The third paragarph in Section 5.4
could either be eliminated or, to leave things more complete which I
would prefer, replaced with something like


The RSA v1.5 Key Transport algorithm given below is that used in
conjunction with TRIPLEDES and the Cryptographic Message Syntax (CMS) of
S/MIME [CMS-Algorithms]. The RSA v2 Key Transport algorithm given below
is that used in conjunction with AES and CME [AES-WRAP].


Where [AES-WRAP] is a reference to RFC 3394 which has been split out of 
the other AES related algorithms and published separately and the 
CMS-AES reference is eliminated.

Thanks,
Donald

On Tue, 26 Nov 2002, Tom Gindin wrote:

> Date: Tue, 26 Nov 2002 17:09:00 -0500
> From: Tom Gindin <tgindin@us.ibm.com>
> To: reagle@w3.org
> Cc: xml-encryption@w3.org
> Subject: Re: Editorial Details before publishing REC
> Resent-Date: Tue, 26 Nov 2002 17:42:06 -0500 (EST)
> Resent-From: xml-encryption@w3.org
> 
>       FIPS 197 appears to be stable.  CSRC's web page for AES hasn't been
> updated all year.
>       On the other hand, CMS-AES draft 5 makes no reference to RSA#1 v1.5
> until the security considerations section, and IMHO there seems to be
> little point in using it as an intermediate reference instead of going
> straight to the stable RFC 2437.  You could say that the two RSA variants
> are the ones which have been used for key transport in documents of the CMS
> series, of course.
> 
>             Tom Gindin
> 
> 
> Joseph Reagle <reagle@w3.org>@w3.org on 11/26/2002 04:23:35 PM
> 
> Please respond to reagle@w3.org
> 
> Sent by:    xml-encryption-request@w3.org
> 
> To:    <xml-encryption@w3.org>
> cc:
> Subject:    Editorial Details before publishing REC
> 
> 
> 
> 
> As we ready to publish the next version of XENC [1] and the Decryption
> Transform [2]:
> 
> 1. We still have two questionable references.
> 
> Is FIPS 197 the correct and stable specification for AES? (Any updates?)
>   AES
>     NIST FIPS 197: Advanced Encryption Standard (AES).
>     November 2001.
>     http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
> 
> CMS-AES version 04 has expired, but we profile it for our purposes. I'm
> willing to update this to version 05 if someone can vouch the substantive
> bits that we've profiled have not changed.
>   CMS-AES
>   Use of the Advanced Encryption Algorithm in CMS. J. Schaad
>   and R. Housley. Internet-Draft, January 2002.
>   http://www.ietf.org/internet-drafts/draft-ietf-smime-aes-alg-04.txt
> 
> 2. Has anyone noted any editorial problems with the bits in red in the two
> editorial drafts? If not, they will be the final text! <smile/>
> 
> [1] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
> [2] http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt.html
> 
> 
> 
> 
> 
> 
> 

-- 
======================================================================
 Donald E. Eastlake 3rd                       dee3@torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake@motorola.com

Received on Tuesday, 3 December 2002 08:15:06 UTC