- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Tue, 26 Nov 2002 17:09:00 -0500
- To: reagle@w3.org
- Cc: <xml-encryption@w3.org>
FIPS 197 appears to be stable. CSRC's web page for AES hasn't been
updated all year.
On the other hand, CMS-AES draft 5 makes no reference to RSA#1 v1.5
until the security considerations section, and IMHO there seems to be
little point in using it as an intermediate reference instead of going
straight to the stable RFC 2437. You could say that the two RSA variants
are the ones which have been used for key transport in documents of the CMS
series, of course.
Tom Gindin
Joseph Reagle <reagle@w3.org>@w3.org on 11/26/2002 04:23:35 PM
Please respond to reagle@w3.org
Sent by: xml-encryption-request@w3.org
To: <xml-encryption@w3.org>
cc:
Subject: Editorial Details before publishing REC
As we ready to publish the next version of XENC [1] and the Decryption
Transform [2]:
1. We still have two questionable references.
Is FIPS 197 the correct and stable specification for AES? (Any updates?)
AES
NIST FIPS 197: Advanced Encryption Standard (AES).
November 2001.
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
CMS-AES version 04 has expired, but we profile it for our purposes. I'm
willing to update this to version 05 if someone can vouch the substantive
bits that we've profiled have not changed.
CMS-AES
Use of the Advanced Encryption Algorithm in CMS. J. Schaad
and R. Housley. Internet-Draft, January 2002.
http://www.ietf.org/internet-drafts/draft-ietf-smime-aes-alg-04.txt
2. Has anyone noted any editorial problems with the bits in red in the two
editorial drafts? If not, they will be the final text! <smile/>
[1] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
[2] http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt.html
Received on Tuesday, 26 November 2002 17:42:05 UTC