Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
Basic B2B Profile
Home
Pages
Files
About this group
Contact owner to join
Strength of R5001 (Use of RSA1.5)
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   5 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Rimas Rekasius  
View profile  
 More options May 12 2005, 4:25 pm
From: "Rimas Rekasius" <ri...@us.ibm.com>
Date: Thu, 12 May 2005 13:25:11 -0700
Local: Thurs, May 12 2005 4:25 pm
Subject: Strength of R5001 (Use of RSA1.5)
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
The current version of the Basic B2B Profile has the following
requirement in it constraining the choice of encryption algorithm:

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

Question: should this be softened to a SHOULD, or is MUST the right
thing to do for the sake of interoperability?

Thanks,

Rimas


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Anthony Nadalin  
View profile  
 More options May 13 2005, 12:19 pm
From: Anthony Nadalin <drsec...@us.ibm.com>
Date: Fri, 13 May 2005 11:19:42 -0500
Local: Fri, May 13 2005 12:19 pm
Subject: Re: Strength of R5001 (Use of RSA1.5)
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

There are 2 allowed values, if each site chooses the same algorithm (OEAP
or RSA1.5) no problem (only way to do this today is out of band), so this
should be softened to "SHOULD" and http://www.w3.org/2001/04/xmlenc#rsa-1_5
should be made the default value

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

             Rimas                                                        
             Rekasius/Chicago/                                            
             IBM@IBMUS                                                  To
                                       basicB2B@googlegroups.com          
             05/12/2005 03:25                                           cc
             PM                                                            
                                                                   Subject
                                       Strength of R5001 (Use of RSA1.5)  
             Please respond to                                            
                 basicB2B                                                  

The current version of the Basic B2B Profile has the following
requirement in it constraining the choice of encryption algorithm:

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

Question: should this be softened to a SHOULD, or is MUST the right
thing to do for the sake of interoperability?

Thanks,

Rimas

  graycol.gif
< 1K Download

  pic01275.gif
1K Download

  ecblank.gif
< 1K Download

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Christopher B Ferris  
View profile  
 More options May 13 2005, 1:01 pm
From: Christopher B Ferris <chris...@us.ibm.com>
Date: Fri, 13 May 2005 13:01:09 -0400
Local: Fri, May 13 2005 1:01 pm
Subject: Re: Strength of R5001 (Use of RSA1.5)
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
+1

Christopher Ferris
STSM, Emerging e-business Industry Architecture
email: chris...@us.ibm.com
blog: http://webpages.charter.net/chrisfer/blog.html
phone: +1 508 377 9295

Anthony Nadalin/Austin/IBM@IBMUS wrote on 05/13/2005 12:19:42 PM:

> There are 2 allowed values, if each site chooses the same algorithm

(OEAP or RSA1.5) no problem
> (only way to do this today is out of band), so this should be softened

to "SHOULD" and http://www.


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Rimas Rekasius  
View profile  
 More options May 25 2005, 6:19 pm
From: Rimas Rekasius <ri...@us.ibm.com>
Date: Wed, 25 May 2005 17:19:54 -0500
Local: Wed, May 25 2005 6:19 pm
Subject: Re: Strength of R5001 (Use of RSA1.5)
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

OK, so just to be painfully clear, the proposal is to change

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

to

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY SHOULD have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

Unless I hear any objections, I will proceed to make this change in a new
version of the profile that I am working on.

Regards,

Rimas V. Rekasius
e-business Industry Standards Architect
1-312-245-6775 (voice/FAX)
1-773-934-2705 (cell phone)

Anthony Nadalin/Austin/IBM@IBMUS
05/13/2005 11:19 AM
Please respond to
basicB2B

To
basicB2B@googlegroups.com
cc

Subject
Re: Strength of R5001 (Use of RSA1.5)

There are 2 allowed values, if each site chooses the same algorithm (OEAP
or RSA1.5) no problem (only way to do this today is out of band), so this
should be softened to "SHOULD" and
http://www.w3.org/2001/04/xmlenc#rsa-1_5 should be made the default value

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Rimas Rekasius/Chicago/IBM@IBMUS

Rimas Rekasius/Chicago/IBM@IBMUS
05/12/2005 03:25 PM

Please respond to
basicB2B

To

basicB2B@googlegroups.com

cc

Subject

Strength of R5001 (Use of RSA1.5)

The current version of the Basic B2B Profile has the following
requirement in it constraining the choice of encryption algorithm:

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

Question: should this be softened to a SHOULD, or is MUST the right
thing to do for the sake of interoperability?

Thanks,

Rimas

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

  image_gif_part
< 1K Download

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Anthony Nadalin  
View profile  
 More options May 30 2005, 5:05 pm
From: Anthony Nadalin <drsec...@us.ibm.com>
Date: Mon, 30 May 2005 16:05:48 -0500
Local: Mon, May 30 2005 5:05 pm
Subject: Re: Strength of R5001 (Use of RSA1.5)
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

Correct

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

             Rimas                                                        
             Rekasius/Chicago/                                            
             IBM@IBMUS                                                  To
             Sent by:                  basicB2B@googlegroups.com          
             basicB2B@googlegr                                          cc
             oups.com                                                      
                                                                   Subject
                                       Re: Strength of R5001 (Use of      
             05/25/2005 05:19          RSA1.5)                            
             PM                                                            

             Please respond to                                            
                 basicB2B                                                  

OK, so just to be painfully clear, the proposal is to change

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

to

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY SHOULD have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

Unless I hear any objections, I will proceed to make this change in a new
version of the profile that I am working on.

Regards,

Rimas V. Rekasius
e-business Industry Standards Architect
1-312-245-6775 (voice/FAX)
1-773-934-2705 (cell phone)

 Anthony Nadalin/Austin/IBM@IBMUS                                          

                                                                        To
 05/13/2005 11:19 AM                            basicB2B@googlegroups.com  
                                                                        cc

          Please respond to                                        Subject
               basicB2B                         Re: Strength of R5001 (Use
                                                of RSA1.5)                

There are 2 allowed values, if each site chooses the same algorithm (OEAP
or RSA1.5) no problem (only way to do this today is out of band), so this
should be softened to "SHOULD" and http://www.w3.org/2001/04/xmlenc#rsa-1_5
should be made the default value

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Rimas Rekasius/Chicago/IBM@IBMUSRimas
Rekasius/Chicago/IBM@IBMUS

 Rimas Rekasius/Chicago/IBM@IBMUS                                          

 05/12/2005 03:25 PM                                                      

                                                                        To
          Please respond to                                                
               basicB2B                          basicB2B@googlegroups.com

                                                                        cc

                                                                   Subject

                                                 Strength of R5001 (Use of
                                                 RSA1.5)                  

The current version of the Basic B2B Profile has the following
requirement in it constraining the choice of encryption algorithm:

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

Question: should this be softened to a SHOULD, or is MUST the right
thing to do for the sake of interoperability?

Thanks,

Rimas

  graycol.gif
< 1K Download

  pic03513.gif
1K Download

  ecblank.gif
< 1K Download

  C3813718.gif
< 1K Download

  C6086237.gif
< 1K Download

  C8635110.gif
< 1K Download

  C3196840.gif
< 1K Download

  C0317228.gif
< 1K Download

  C1146169.gif
< 1K Download

  C1352609.gif
< 1K Download

  C3481736.gif
< 1K Download

  C5374925.gif
< 1K Download

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google