Re: W3C Encryption Support for DES, RC2, and RC4 Symmetric Encryptio n Algorithms from Donald Eastlake 3rd on 2002-06-19 (xml-encryption@w3.org from June 2002)

From: Donald Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 19 Jun 2002 00:14:55 -0400 (EDT)
To: "Ahmed, Zahid" <zahid.ahmed@commerceone.com>
Cc: "'reagle@w3.org'" <reagle@w3.org>, "'xml-encryption@w3.org'" <xml-encryption@w3.org>, "'blaird@microsoft.com'" <blaird@microsoft.com>, "'IMAMU@jp.ibm.com'" <IMAMU@jp.ibm.com>, "Sanfilippo, Joe" <joe.sanfilippo@commerceone.com>
Message-ID: <Pine.LNX.4.44.0206190010330.1487-100000@netbusters.com>

There is already one encryption algorithm in
ftp://ftp.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt

I suppose I could add some more.

Donald
======================================================================
 Donald E. Eastlake 3rd                       dee3@torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake@motorola.com

On Tue, 18 Jun 2002, Ahmed, Zahid wrote:

> Date: Tue, 18 Jun 2002 16:29:07 -0700
> From: "Ahmed, Zahid" <zahid.ahmed@commerceone.com>
> To: "'reagle@w3.org'" <reagle@w3.org>,
>      "'dee3@torque.pothole.com'" <dee3@torque.pothole.com>,
>      "'xml-encryption@w3.org'" <xml-encryption@w3.org>
> Cc: "'blaird@microsoft.com'" <blaird@microsoft.com>,
>      "'IMAMU@jp.ibm.com'" <IMAMU@jp.ibm.com>,
>      "Sanfilippo, Joe" <joe.sanfilippo@commerceone.com>
> Subject: W3C Encryption  Support for DES, RC2,
>      and RC4 Symmetric Encryptio n Algorithms
>
> Reviewing the latest XML Encryption Candidate Recommendation spec, it seems
> that only
> following symmetric encryption algorithms are required:
> 1) AES/CBC (128-bit, 192-, and 256-bits)
> 2) Triple-DES/CBC are required in XML Encryption implementations.
>
> However, we are curious if there are any plans to also the option to support
> other
> encryption algorithms such as: DES, RC2 (56- and 128-bit), and RC4 (56- and
> 128-bit).
>
> I understand the propensity of avoiding the usage of weak encryption
> algorithms,
> but there may be some scenarious where this may be useful, e.g.,
> compatibility
> with PKCS7/SMIME encryption which has similar support or siutations where
> encryption exports from US requires weaker encryption option. Now, we do
> understand that XML Encryption implementatiln providers could expose the
> use of such encryption alogirthms and key-lengths, but we would need
> standardized support for the relevant URIs for DES, RC2, and RC4 to ensure
> interoperability of the relevant URIs that define these additional
> encryption options.
>
> thanks,
> Zahid
>
>
>

Received on Wednesday, 19 June 2002 00:15:00 UTC