ACTION-319: Split DH Key agreement between new & legacy KDFs

Folks,

I've committed revision 1.30 of xmlenc-core-11\Overview.htm, which includes text to resolve ACTION-319 for Diffie-Hellman.  Specifically, Section 5.6.2, Diffie-Hellman Key Agreement, now has two subsections:

5.6.2.1. Diffie-Hellman Key Agreement with new Key Derivation Functions
5.6.2.2. Diffie-Hellman Key Agreement with Legacy Key Derivation Function

5.6.2.2 has the "legacy KDF" that was defined for DH in XMLENC 1.0, and 5.6.2.1 is for use with the new standard elements for Key Derivation that Magnus introduced.  I made 5.6.2.1 say that it is RECOMMENDED that implementations use a new KDF in the standard format if doing DH, but if you implement DH you're REQUIRED to support the legacy format since it was defined in 1.0.  Also, the best/only way I could come up with to distinguish between legacy and new for DH is to key off the absence or presence of the KA-Nonce element (absence == new, presence == legacy).

I also put a placeholder in Section 5.6.2.1 for an example, since it seemed like a good idea to have one there.


                                                                                --bal

Received on Monday, 6 July 2009 17:29:33 UTC
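The dispatch rule described in the message (no KA-Nonce child means the new KDF elements, a KA-Nonce child means the XMLENC 1.0 legacy KDF), worked through as an added example in Python. This is not code from the thread, the xmlenc-core-11 draft, or any W3C implementation. It assumes the xenc, ds and xenc11 namespace URIs shown, a legacy KDF body as this editor recalls it from XMLENC 1.0 (verify against that spec before relying on it), and a plain SP 800-56A concatenation KDF as a stand-in for the new KDF element family rather than the 1.1 parameter encoding; the AgreementMethod fragments are constructed sample input.

```python
"""Classify an xenc:AgreementMethod as legacy (1.0 KDF) or new (1.1 KDF)
by the presence or absence of KA-Nonce, then derive keying material.
Added example; not part of XMLENC 1.1 or any W3C code."""
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespace URIs. xenc and ds are from XMLENC 1.0 / XMLDSIG; xenc11 is the
# 1.1 namespace as assumed by this example.
XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Assumed subset of ds:DigestMethod algorithm URIs.
DIGESTS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1,
    "http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256,
}

# Constructed sample input (not from the spec): legacy form with KA-Nonce,
# new form with a KeyDerivationMethod child, and an ambiguous one with both.
# "Zm9vYmFyYmF6" is base64 of b"foobarbaz".
LEGACY_XML = f"""<xenc:AgreementMethod xmlns:xenc="{XENC}" xmlns:ds="{DS}"
    Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
  <xenc:KA-Nonce>Zm9vYmFyYmF6</xenc:KA-Nonce>
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:AgreementMethod>"""

NEW_XML = f"""<xenc:AgreementMethod xmlns:xenc="{XENC}" xmlns:xenc11="{XENC11}"
    Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
  <xenc11:KeyDerivationMethod Algorithm="{XENC11}ConcatKDF"/>
</xenc:AgreementMethod>"""

AMBIGUOUS_XML = f"""<xenc:AgreementMethod xmlns:xenc="{XENC}" xmlns:xenc11="{XENC11}"
    Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
  <xenc:KA-Nonce>Zm9vYmFyYmF6</xenc:KA-Nonce>
  <xenc11:KeyDerivationMethod Algorithm="{XENC11}ConcatKDF"/>
</xenc:AgreementMethod>"""


def parse_agreement(xml_text):
    """Parse one AgreementMethod fragment into an Element."""
    return ET.fromstring(xml_text)


def classify(agreement):
    """Return 'legacy' or 'new' using the KA-Nonce rule from the message.
    An element carrying both KA-Nonce and KeyDerivationMethod, or neither,
    is rejected rather than guessed at (this strictness is our choice)."""
    nonce = agreement.find(f"{{{XENC}}}KA-Nonce")
    kdm = agreement.find(f"{{{XENC11}}}KeyDerivationMethod")
    if nonce is not None and kdm is not None:
        raise ValueError("both KA-Nonce and KeyDerivationMethod present")
    if nonce is None and kdm is None:
        raise ValueError("neither KA-Nonce nor KeyDerivationMethod present")
    return "legacy" if nonce is not None else "new"


def legacy_kdf(zz, nonce, enc_alg, key_bits, digest=hashlib.sha1):
    """Legacy DH KDF as recalled from XMLENC 1.0 (assumption, check the spec):
    KM(counter) = Digest(ZZ || counter || KA-Nonce || EncryptionAlg || KeySize)
    with a one-byte counter from 1 and KeySize as a decimal string; the KM
    blocks are concatenated and truncated to key_bits."""
    need, out, counter = key_bits // 8, b"", 1
    while len(out) < need:
        block = zz + bytes([counter]) + nonce + enc_alg.encode("utf-8") + str(key_bits).encode("ascii")
        out += digest(block).digest()
        counter += 1
    return out[:need]


def concat_kdf(zz, other_info, key_bits, digest=hashlib.sha256):
    """Stand-in for the new KDF elements: SP 800-56A concatenation KDF,
    Hash(counter32be || Z || OtherInfo). The xenc11 parameter encoding is
    deliberately not reproduced here."""
    need, out, counter = key_bits // 8, b"", 1
    while len(out) < need:
        out += digest(counter.to_bytes(4, "big") + zz + other_info).digest()
        counter += 1
    return out[:need]


def derive_key(xml_text, zz, enc_alg, key_bits):
    """Dispatch on classify(); returns (form, key_bytes)."""
    agreement = parse_agreement(xml_text)
    form = classify(agreement)
    if form == "legacy":
        nonce = base64.b64decode(agreement.findtext(f"{{{XENC}}}KA-Nonce"))
        dm = agreement.find(f"{{{DS}}}DigestMethod")
        digest = DIGESTS[dm.get("Algorithm")] if dm is not None else hashlib.sha1
        return form, legacy_kdf(zz, nonce, enc_alg, key_bits, digest)
    kdm = agreement.find(f"{{{XENC11}}}KeyDerivationMethod")
    # OtherInfo stand-in (assumption): KDF algorithm URI plus encryption URI.
    other_info = kdm.get("Algorithm", "").encode("utf-8") + enc_alg.encode("utf-8")
    return form, concat_kdf(zz, other_info, key_bits)


if __name__ == "__main__":
    zz = bytes(range(32))  # constructed stand-in for the DH shared secret
    for name, xml in (("legacy", LEGACY_XML), ("new", NEW_XML)):
        print(name, derive_key(xml, zz, "http://www.w3.org/2001/04/xmlenc#aes128-cbc", 128)[1].hex())
```

The point of rejecting the "both" and "neither" cases is that a receiver should never silently pick a KDF when the element is internally inconsistent; a sender who wants the new format simply omits KA-Nonce, exactly as the message proposes.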