[widget-digsig] Pls review: Additional considerations on elliptic curve algorithms to consider

Wed, 08 Apr 2009 03:31:55 -0700

The XML Security WG would like to refine the question about the suitability of elliptic curve as a mandatory to implement algorithm for XML Signature 1.1 by highlighting that the scope of elliptic curve is greatly limited in what is proposed to be mandatory in XML Signature 1.1.
As T-Mobile pointed out previously in their comments [1], the specific curve being used in an instance of ECDSA is important and there are a few sets of well-known ("named") curves that have been standardized. The P-256, P-384 and P-521 curves are three of the five NIST-defined prime curves. 


Since the publication of the First Public Working Draft of XML   
Signature 1.1, the following clarifying text was added by the XML  
Security WG to  the end of section 6.4.3 of XML Signature 1.1 [2]:



"This specification REQUIRES implementations to support the   
ECDSAwithSHA256 signature algorithm, which is ECDSA over the P-256   
prime curve specified in Section D.2.3 of FIPS 186-3 [FIPS186-3] (and   
using the SHA-256 hash algorithm). It is further RECOMMENDED that   
implementations also support ECDSA over the P-384 and P-521 prime   
curves; these curves are defined in Sections D.2.4 and D.2.5 of FIPS   
186-3, respectively."



It is important to realize  that by reducing the scope of the   
requirement to a specific curve that this should simplify evaluation    
of whether it is desirable to make this  mandatory to implement.



The XML Security WG would also like to note the importance of this   
algorithm to US Government customers, as evidenced by their adoption   
of Suite B [3]. This is reflected in the XML Security WG Use Cases  
and  Requirements document in section 3.5.2.3 [4].



These considerations can also apply to the decision of which    
algorithms should be required in Widget Signature.



Please share this additional information in your organization and   
indicate if it would cause any change in position regarding the   
mandatory to implement algorithms.


Thank you

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG


[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0842.html

[2] 
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-SignatureAlg

[3] Fact Sheet NSA Suite B Cryptography, 
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

[4] http://www.w3.org/TR/2009/WD-xmlsec-reqs-20090226/#algorithm-suiteb



























					Reply via email to