- From: Pieter Kasselman <pkasselman@baltimore.com>
- Date: Tue, 29 Jan 2002 09:35:41 -0000
- To: "'reagle@w3.org'" <reagle@w3.org>, Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: Dan Lanz <lanz@zolera.com>, xml-encryption@w3.org, blaird@microsoft.com
Hi Joseph,

I am inclined to agree with your approach. It makes more sense to use chaining schemes that have already been standardised/scrutinized/vetted.

Perhaps the right way to go about this is to propose encrypting the IV used with CBC mode to a standards body that deals with cryptography and let them standardise it (e.g. NIST has been running a series of workshops on modes of operation for block ciphers http://csrc.nist.gov/encryption/modes/).

XML Encrypt should be flexible enough to allow for any encryption chaining scheme to be specified. Thus once CBC with IV encryption is standardised by one of these bodies, it can be used with XML Encrypt.

Cheers

Pieter

> -----Original Message-----
> From: Joseph Reagle [SMTP:reagle@w3.org]
> Sent: 28 January 2002 22:55
> To: Christian Geuer-Pollmann; Donald E. Eastlake 3rd
> Cc: Dan Lanz; xml-encryption@w3.org; blaird@microsoft.com
> Subject: Re: Encrypting the IV - again. Was: Re: nonce length
>
> On Monday 28 January 2002 17:09, Christian Geuer-Pollmann wrote:
> > Well, it seems to me that I do not need obvious facts to introduce
> > necessary changes into the spec but well-known names ;-((
>
> Hi Christian, I'm not advocating that necessarily, nor that we just need a
> reference in order to accept it. In fact, I'm not opposed to encrypting the
> IV. I'm just saying that I prefer that *this* WG not take it upon itself to
> introduce a "new mode". I'm most comfortable if the issue has
> been addressed by others and it's been vetted/discussed/standardized, etc.
>
> That's that.
>
> So, what do other people think? Should we encrypt the IV? (If so, we'll do
> it.)
>
> --
>
> Joseph Reagle Jr. http://www.w3.org/People/Reagle/
> W3C Policy Analyst mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/
> W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Tuesday, 29 January 2002 04:37:53 UTC