ACTION-257: Randomized Hashing (RMX) and Signing (RSA-PSS) provide a Proposal

Randomized Hashing (RMX) and Signing (RSA-PSS) provide a Proposal

State:
closed
Person:
Konrad Lanz
Due on:
April 14, 2009
Created on:
April 7, 2009
Related emails:
  1. RE: Konrad's actions (ACTION-485) (from PRATIK.DATTA@oracle.com on 2010-02-25)
  2. Agenda - Distributed Meeting 2010-02-16 (from frederick.hirsch@nokia.com on 2010-02-12)
  3. Re: Konrad's actions (ACTION-485) (from frederick.hirsch@nokia.com on 2010-02-12)
  4. Konrad's actions (ACTION-485) (from tlr@w3.org on 2010-02-09)
  5. HMAC output length erratum for XML Signature 1.0 (Re: Is ACTION-297 the impact of ISSUE-105 (HMAC output length is defined on bits base64 on octets) on the XMLDSig 1.0 errata ? (see also: ACTION-298 and ACTION-320)) (from tlr@w3.org on 2009-12-07)
  6. Draft minutes for Sep 8 (from cantor.2@osu.edu on 2009-09-08)
  7. Is ACTION-297 the impact of ISSUE-105 (HMAC output length is defined on bits base64 on octets) on the XMLDSig 1.0 errata ? (see also: ACTION-298 and ACTION-320) (from Konrad.Lanz@iaik.tugraz.at on 2009-09-08)
  8. Agenda: Distributed Meeting 2009-09-08 (from frederick.hirsch@nokia.com on 2009-09-04)
  9. Draft minutes for September 01 (from John_Wray@notesdev.ibm.com on 2009-09-01)
  10. Agenda: Distributed Meeting 2009-09-01 v2 (resend) (from frederick.hirsch@nokia.com on 2009-08-31)
  11. Agenda: Distributed Meeting 2009-09-01 v2 (from Frederick.Hirsch@nokia.com on 2009-08-31)
  12. Agenda: Distributed Meeting 2009-09-01 (from frederick.hirsch@nokia.com on 2009-08-17)
  13. Randomized hashing work item - proposal and decision for 1.1 (from frederick.hirsch@nokia.com on 2009-08-17)
  14. [ACTION-257] unified proposal for changes to support randomized hashing and signing (from Konrad.Lanz@iaik.tugraz.at on 2009-06-09)
  15. F2F Minutes updated - revision for approval (from frederick.hirsch@nokia.com on 2009-06-02)
  16. Draft minutes from May 13 (from pratik.datta@oracle.com on 2009-05-21)
  17. Re: April 28 2009 draft minutes (from shivarammysore@yahoo.com on 2009-04-29)

Related notes:

ds:Reference level (Randomized Hashing): http://www.w3.org/2007/xmlsec/ws/papers/11-mcintosh-ibm
ds:SignatureMethod level (RSA-PSS): http://www.w3.org/2007/xmlsec/ws/papers/08-lanz-iaik/

my action is to unify the two proposals

a second step would be to push back on checking whether the salt in the various places may be substituted by using only one salt in all the places, as the main advantage of the salt is to move from an off-line attack to an on-line attack

Konrad Lanz, 7 Apr 2009, 14:40:45

[fjh2]: we defer randomized hashing for 2.0

13 May 2009, 20:56:37

Only outstanding issue is: "Whether salt can or should be reused"!

Follow up and provide unified proposal for changes to support randomized hashing and signing.

Konrad Lanz, 8 Sep 2009, 15:23:33

Display change log.

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 257.html,v 1.1 2017/01/10 16:23:44 carine Exp $