W3C home > Mailing lists > Public > xml-encryption@w3.org > February 2002

Re: xmlenc Call 13:00 EST 20020204

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Mon, 04 Feb 2002 12:01:40 +0100
To: reagle@w3.org, xml-encryption@w3.org
Message-id: <3506785654.1012824100@crypto>

unfortunaltely, I can't participate in today's telecon, so here my 

--On Mittwoch, 30. Januar 2002 14:58 -0500 Joseph Reagle <reagle@w3.org> 
>   Pending
>     1. Encrypting the IV
>        Do we encrypt the IV?
> http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0128.html

- I do not want to delete plaintext-IV stuff from the spec.

- I would like to see to get an OPTIONAL ECB-encrypted-IV for AES and 
possibly for 3DES. But this depends on WG consensus: If I'm the only person 
who thinks that this would make sense, then stop it. Then this has to be a 
proprietary, user-defined mechanism.

> 2. Password Derivation
>        Is Christian's understanding of what a password derivation is
>        accurate? Do we still wish to not specify this ourselves?
> http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0117.html

Here the same: If I'm the only person who things that this would make 
sense, then stop it. It was only the question if password- or 
passphrase-based enryption is an issue for others, too. Applications like 
PGP do completely depend on passwords (user-supplied strings with probably 
a low entrophy), so if we want something similar (competing?), this could 
be interesting.

Regards and have a nice day,
Received on Monday, 4 February 2002 06:00:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:07 UTC