Re: rsa/oaep

r/reagle@w3.org/2002.05.24/17:59:48
>On Friday 24 May 2002 10:44, merlin wrote:
>> We had a long discussion on the list about RSA/OAEP, ending in:
>>   http://lists.w3.org/Archives/Public/xml-encryption/2002Apr/0122.html
>>
>> Something is still unclear to me from the discussion, as reflected in:
>>  
>> http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-RS
>>A-OAEP
>>
>> Is the DigestMethod child optional?
>
>I presume not. (I've argued it shouldn't.) Don, do you mind if I make it 
>required?

FWIW, I agree with you. I dislike the fixed SHA-1 for MGF but 
that has been declared final.

>> (Aside: The Schema Definition quoted in 5.4.2 is no longer current.)
>
>In what way?

§5.4.2: Schema Definition:
  ...
  <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
  <element ref='ds:DigestMethod' minOccurs='0'/>
  ...

§3.2 Schema Definition:
  <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
  <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>

merlin

Received on Friday, 24 May 2002 18:12:29 UTC