Re: W3C Encryption Support for DES, RC2, and RC4 Symmetric Encryptio n Algorithms

      Takeshi:

      Do you still think that it's dubious to have password-based
encryption algorithms in the specification?  Everybody may wish to take
note that PKCS#5 is currently being modified to include AES, RC6, SHA256,
SHA384, and SHA512, but that the official standard does not yet include
those algorithms.

            Tom Gindin


Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de> on
06/19/2002 08:48:13 AM

To:    Tom Gindin/Watson/IBM@IBMUS, Donald Eastlake 3rd
       <dee3@torque.pothole.com>
cc:    "Ahmed, Zahid" <zahid.ahmed@commerceone.com>, "'reagle@w3.org'"
       <reagle@w3.org>, "'xml-encryption@w3.org'" <xml-encryption@w3.org>,
       "'blaird@microsoft.com'" <blaird@microsoft.com>, Takeshi
       Imamura/Japan/IBM@IBMJP, "Sanfilippo, Joe"
       <joe.sanfilippo@commerceone.com>
Subject:    Re: W3C Encryption Support for DES, RC2, and RC4 Symmetric
       Encryptio n  Algorithms


Just another link on that topic:

<http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0122.html>

Christian

--On Mittwoch, 19. Juni 2002 08:11 -0400 Tom Gindin <tgindin@us.ibm.com>
wrote:

>       Don:
>
>       Not all the missing algorithms are weak ones.  The entire class of
> password-based encryption algorithms are not defined.  Admittedly,
there's
> no reason to make them mandatory to support, nor to define everything in
> sight (I've catalogued 15 PKCS#5 or PKCS#12 variants using SHA-1 as their
> digest, before AES came out), but a few of them would probably help.  I
> would suggest pkcs-12-PBEWithSha1AndTripleDESCBC and
> pbeWithSHAAnd3-KeyTripleDES-CC (see PKCS#12 section 6.3) for a start.
>
>             Tom Gindin

Received on Wednesday, 19 June 2002 12:36:40 UTC