- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 7 Jul 2009 08:02:28 +0200
- To: Brian LaMacchia <bal@exchange.microsoft.com>
- Cc: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Partially as a memo to myself, these also need to be merged into the algorithms xref note.

--
Thomas Roessler, W3C <tlr@w3.org>

On 6 Jul 2009, at 19:18, Brian LaMacchia wrote:

> Folks,
>
> I’ve committed revision 1.73 of xmldsig-core-11\Overview.htm, which includes text to resolve ACTION-142. Specifically, now that FIPS 186-3 is out defining DSAwithSHA224 and DSAwithSHA256, I’ve made the following updates:
>
> In Section 6, define the identifier DSAwithSHA256 (http://www.w3.org/2009/xmldsig11#dsa-sha256) as an OPTIONAL signature algorithm.
>
> In Section 6.4.1, added DSAwithSHA256, updated the language in paragraph 1 to describe the four variants of DSA, and updated the Security Considerations section (there was a duplicate paragraph there, among other problems). (Cynthia, I made these changes before seeing your comments – see if you’re OK with the new version or if I need to update/revise.)
>
> In keeping with the way we did RSA, where we didn’t put the key size in the algorithm URI, I chose to do the same thing with DSA. So the intent is that the DSAwithSHA256 AlgID should be used for both 2048-bit DSA and 3072-bit DSA with SHA-256. Similarly, since we don't use SHA-224 anywhere else in the XMLDSIG spec, I did not define a corresponding DSAwithSHA224 (which would be 2048-bit keys & SHA-224). We can add that if people think it’s necessary, but I didn’t see a compelling reason.
>
> --bal

Received on Tuesday, 7 July 2009 06:23:07 UTC