RE: W3C Encryption Support for DES, RC2, and RC4 Symmetric Encry ptio n Algorithms from Ahmed, Zahid on 2002-06-19 (xml-encryption@w3.org from June 2002)

From: Ahmed, Zahid <zahid.ahmed@commerceone.com>
Date: Wed, 19 Jun 2002 15:06:03 -0700
To: "'Donald Eastlake 3rd'" <dee3@torque.pothole.com>
Cc: "'reagle@w3.org'" <reagle@w3.org>, "'xml-encryption@w3.org'" <xml-encryption@w3.org>, "Sanfilippo, Joe" <joe.sanfilippo@commerceone.com>
Message-ID: <C1E0143CD365A445A4417083BF6F42CC02F890DC@C1plenaexm07.commerceone.com>

Hi Don,

I agree that we should any new encryption URIs in the 
draft-eastlake-xmldsig-uri-02.txt document.

Specifically, we should seriously consider adding:

1) URI for "DES/CBC/XMLENCPadding" i.e, 56-bit DES encryption;
   e.g., <some-base-URI>/xmlenc#des-cbc

Furthermore, it is not clear if RC4 and RC2 URIs
are standardized for XML encryption enabled applications.
If not already standardized, I recommend that we
also add them:

2) URI for RC4 56-bit and 128-bit encryption;
   e.g., <some-base-URI>/xmlenc#rc4-56
	   <some-base-URI>/xmlenc#rc4-128
	
3) URI for RC2 56-bit and 128-bit encryption;
   e.g., <some-base-URI>/xmlenc#rc2-56
	   <some-base-URI>/xmlenc#rc2-128
	

I think this would allow URI interoperability of some 
commonly used symmetric encryption algorithms and will also
not require any changes to XML Encryption spec.


thanks,
Zahid




-----Original Message-----
From: Donald Eastlake 3rd [mailto:dee3@torque.pothole.com]
Sent: Tuesday, June 18, 2002 9:15 PM
To: Ahmed, Zahid
Cc: 'reagle@w3.org'; 'xml-encryption@w3.org'; 'blaird@microsoft.com';
'IMAMU@jp.ibm.com'; Sanfilippo, Joe
Subject: Re: W3C Encryption Support for DES, RC2, and RC4 Symmetric
Encryptio n Algorithms


There is already one encryption algorithm in
ftp://ftp.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt

I suppose I could add some more.

Donald
======================================================================
 Donald E. Eastlake 3rd                       dee3@torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake@motorola.com

On Tue, 18 Jun 2002, Ahmed, Zahid wrote:

> Date: Tue, 18 Jun 2002 16:29:07 -0700
> From: "Ahmed, Zahid" <zahid.ahmed@commerceone.com>
> To: "'reagle@w3.org'" <reagle@w3.org>,
>      "'dee3@torque.pothole.com'" <dee3@torque.pothole.com>,
>      "'xml-encryption@w3.org'" <xml-encryption@w3.org>
> Cc: "'blaird@microsoft.com'" <blaird@microsoft.com>,
>      "'IMAMU@jp.ibm.com'" <IMAMU@jp.ibm.com>,
>      "Sanfilippo, Joe" <joe.sanfilippo@commerceone.com>
> Subject: W3C Encryption  Support for DES, RC2,
>      and RC4 Symmetric Encryptio n Algorithms
>
> Reviewing the latest XML Encryption Candidate Recommendation spec, it
seems
> that only
> following symmetric encryption algorithms are required:
> 1) AES/CBC (128-bit, 192-, and 256-bits)
> 2) Triple-DES/CBC are required in XML Encryption implementations.
>
> However, we are curious if there are any plans to also the option to
support
> other
> encryption algorithms such as: DES, RC2 (56- and 128-bit), and RC4 (56-
and
> 128-bit).
>
> I understand the propensity of avoiding the usage of weak encryption
> algorithms,
> but there may be some scenarious where this may be useful, e.g.,
> compatibility
> with PKCS7/SMIME encryption which has similar support or siutations where
> encryption exports from US requires weaker encryption option. Now, we do
> understand that XML Encryption implementatiln providers could expose the
> use of such encryption alogirthms and key-lengths, but we would need
> standardized support for the relevant URIs for DES, RC2, and RC4 to ensure
> interoperability of the relevant URIs that define these additional
> encryption options.
>
> thanks,
> Zahid
>
>
>

Received on Wednesday, 19 June 2002 18:06:25 UTC