Re: xmlenc Call 13:00 EST 20020204


unfortunaltely, I can't participate in today's telecon, so here my 

--On Mittwoch, 30. Januar 2002 14:58 -0500 Joseph Reagle <> 
>   Pending
>     1. Encrypting the IV
>        Do we encrypt the IV?

- I do not want to delete plaintext-IV stuff from the spec.

- I would like to see to get an OPTIONAL ECB-encrypted-IV for AES and 
possibly for 3DES. But this depends on WG consensus: If I'm the only person 
who thinks that this would make sense, then stop it. Then this has to be a 
proprietary, user-defined mechanism.

> 2. Password Derivation
>        Is Christian's understanding of what a password derivation is
>        accurate? Do we still wish to not specify this ourselves?

Here the same: If I'm the only person who things that this would make 
sense, then stop it. It was only the question if password- or 
passphrase-based enryption is an issue for others, too. Applications like 
PGP do completely depend on passwords (user-supplied strings with probably 
a low entrophy), so if we want something similar (competing?), this could 
be interesting.

Regards and have a nice day,

Received on Monday, 4 February 2002 06:00:11 UTC