- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Mon, 04 Feb 2002 12:01:40 +0100
- To: reagle@w3.org, xml-encryption@w3.org
Hi, unfortunaltely, I can't participate in today's telecon, so here my intentions: --On Mittwoch, 30. Januar 2002 14:58 -0500 Joseph Reagle <reagle@w3.org> wrote: > Pending > > 1. Encrypting the IV > Do we encrypt the IV? > > http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0128.html - I do not want to delete plaintext-IV stuff from the spec. - I would like to see to get an OPTIONAL ECB-encrypted-IV for AES and possibly for 3DES. But this depends on WG consensus: If I'm the only person who thinks that this would make sense, then stop it. Then this has to be a proprietary, user-defined mechanism. > 2. Password Derivation > Is Christian's understanding of what a password derivation is > accurate? Do we still wish to not specify this ourselves? > > http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0117.html Here the same: If I'm the only person who things that this would make sense, then stop it. It was only the question if password- or passphrase-based enryption is an issue for others, too. Applications like PGP do completely depend on passwords (user-supplied strings with probably a low entrophy), so if we want something similar (competing?), this could be interesting. Regards and have a nice day, Christian
Received on Monday, 4 February 2002 06:00:11 UTC