OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] [XML Signature]SAML profile of XML Signature

1. it will give more prominent stature to one algorithm, and
2. it will leave a vacuum in other possible algorithm recommendations
(should we recommend RSA with SHA over RSA with MD5, when using SSL, should
we recommend cipher suite "abc" over "xyz", etc.)

What if three years from now another algorithm (say Elliptic Curve with DSA)
became prevalent? Would the version of SAML then recommend EDSA? XML DSIG
already has a <SignatureMethod> that identifies the algorithm. That is
sufficient for the verifier to determine what needs to be done to verify.


Jahan Moreh
Chief Security Architect
Sigaba Corp.
jmoreh@sigaba.com
cell: 310.890.9391
tel: 310.286.3070

>-----Original Message-----
>From: rsalz@zolera.com [mailto:rsalz@zolera.com]
>Sent: Thursday, October 25, 2001 9:29 AM
>To: jmoreh@sigaba.com
>Subject: Re: [security-services] [XML Signature]SAML profile of XML
>
>Why is it not appropriate to recommend a signature algorithm?
>
>Zolera Systems, Your Key to Online Integrity
>Securing Web services: XML, SOAP, Dig-sig, Encryption