proposed FIPS reference changes for XML Signature, Second Edition from Frederick Hirsch on 2008-03-05 (public-xmlsec-maintwg@w3.org from March 2008)

We have two issues related to the FIPS references in the XML
Signature draft

  1. We reference FIPS 186-2 for DSS, with a URI that doesn't exist any
    more:

    http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-DSS

Proposal is to update that link from:

http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf

to:

http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf

The change notice section notes a restriction related to the DSA
modulus, and also changes related to random number generation.

It is important that participants in the XML Signature, Second
Edition WG indicate whether changing this reference is an issue (or
not) for their implementations. Please send a message to the members
list noting whether the reference change is acceptable or not.

  2. We reference FIPS 180-1 for SHA-1:

    http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#ref-SHA-1

(FIPS 180-1 is also linked from section 6.2.1.)

The links we are using for 180-1 are no longer working, and FIPS
180-1 has been superseded by FIPS 180-2 (with a change notice).

The proposal is to change the normative reference for SHA-1 to FIPS
180-2.

http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

The change here seems to be to add additional hash algorithms which
would not impact XML Signature, Second Edition.

(It appears as though a FIPS 180-3 is scheduled for publication some
time soon, which would in turn supersede 180-2. http://csrc.nist.gov/publications/drafts/fips_180-3/draft_fips-180-3_June-08-2007.pdf )

Please review these proposed changes and post any suggestion or
concern on the public list (or for product/implementation
acceptability or issues on the members list). We would like to
resolve this issue on the mailing lists this week if possible.

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security Specifications Maintenance WG

Received on Wednesday, 5 March 2008 15:52:49 UTC