The XML Security WG would like to refine the question about the
suitability of elliptic curve as a mandatory to implement algorithm
for XML Signature 1.1 by highlighting that the scope of elliptic
curve is greatly limited in what is proposed to be mandatory in XML
Signature 1.1.
As T-Mobile pointed out previously in their comments [1], the specific
curve being used in an instance of ECDSA is important and there are a
few sets of well-known ("named") curves that have been standardized.
The P-256, P-384 and P-521 curves are three of the five NIST-defined
prime curves.
Since the publication of the First Public Working Draft of XML
Signature 1.1, the following clarifying text was added by the XML
Security WG to the end of section 6.4.3 of XML Signature 1.1 [2]:
"This specification REQUIRES implementations to support the
ECDSAwithSHA256 signature algorithm, which is ECDSA over the P-256
prime curve specified in Section D.2.3 of FIPS 186-3 [FIPS186-3] (and
using the SHA-256 hash algorithm). It is further RECOMMENDED that
implementations also support ECDSA over the P-384 and P-521 prime
curves; these curves are defined in Sections D.2.4 and D.2.5 of FIPS
186-3, respectively."
It is important to realize that by reducing the scope of the
requirement to a specific curve that this should simplify evaluation
of whether it is desirable to make this mandatory to implement.
The XML Security WG would also like to note the importance of this
algorithm to US Government customers, as evidenced by their adoption
of Suite B [3]. This is reflected in the XML Security WG Use Cases
and Requirements document in section 3.5.2.3 [4].
These considerations can also apply to the decision of which
algorithms should be required in Widget Signature.
Please share this additional information in your organization and
indicate if it would cause any change in position regarding the
mandatory to implement algorithms.
Thank you
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0842.html
[2]
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-SignatureAlg
[3] Fact Sheet NSA Suite B Cryptography,
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
[4] http://www.w3.org/TR/2009/WD-xmlsec-reqs-20090226/#algorithm-suiteb