ST_AlgClass is defined in wml.xsd and in pml-presentation.xsd. In the former, it allows value hash. In the latter, it allows values hash and invalid. It is unclear why it is legal to specify an invalid algorithm class, and no behaviour is specified if an invalid algorithm is provided..
Remedy: Rationalize on the former
ST_AlgClass
te
Proposed Disposition of DIS 29500 Comment GB-0625 (Modified: 2008-01-04) Agreed; this simple type should be defined consistently in both of the password hashing descriptions. Before providing the proposed disposition, it should be noted that based on multiple national body comments, the current hashing mechanism and all of its attributes will be deprecated in favour of a new mechanism which utilizes only well-accepted hashing algorithms. Accordingly, we will remove this simple type from its current location in the specification (Part 4, §2.18.1, pages 1,629 and Part 4, §4.8.1, pages 3,165), and place it into a new annex for deprecated features. Following the precedent set by other ISO standards (such as SQL’s ISO 9075:2003 Part 1 and C++’s ISO/IEC 14882:1998), we will make use of a new Annex that contains normative descriptions of all deprecated features. The intent of this Annex is to enable a transitional period during which existing binary documents being migrated to DIS 29500 can make use of those deprecated features to preserve their fidelity, while noting that new documents should not use them. Accordingly, the Conformance clause will also be changed to state that newly created documents (those not created by migrating existing binary documents) should not use deprecated features. All deprecated features will be removed from their current locations in the standard, but will be fully defined in this new Annex. Within the deprecated hashing mechanism, the following changes will be made to ensure that, although deprecated, this mechanism is fully defined: Part 4, §2.18.1, page 1,629, lines 1624: [Note: Omitting this attribute is logically equivalent to assigning it the value custom . end note] This simple type’s contents are a restriction of the XML Schema string datatype. The following are possible enumeration values for this type: Enumeration Value Description hash (Hashing) Specifies that the algorithm is a hashing function, which creates a hash value for user-supplied input that is very difficult to reverse-engineer. custom (Custom Algorithm) Specifies that a custom algorithm class, specified within the parent element’s algIdExt attribute, generated the hash value. Referenced By documentProtection@cryptAlgorithmClass (§2.15.1.28); writeProtection@cryptAlgorithmClass (§2.15.1.94) The following XML Schema fragment defines the contents of this simple type: <simpleType name="ST_AlgClass"> <restriction base="xsd:string"> <enumeration value="hash"/> <enumeration value="custom"/> </restriction> </simpleType> Part 4, §4.8.1, page 3,165, lines 1524: [Note: Omitting this attribute is logically equivalent to assigning it the value custom . end note] This simple type’s contents are a restriction of the XML Schema string datatype. The following are possible enumeration values for this type: Enumeration Value Description hash (Hash Algorithm Class) A hash class algorithm is used. invalid custom ( Custom Algorithm Invalid Algorithm Class ) Specifies that a custom algorithm class, specified within the parent element’s algIdExt attribute, generated the hash value An algorithm with an invalid class is used . Referenced By modifyVerifier@cryptAlgorithmClass (§4.3.1.17) The following XML Schema fragment defines the contents of this simple type: <simpleType name="ST_AlgClass"> <restriction base="xsd:string"> <enumeration value="hash"/> <enumeration value=" invalid custom "/> </restriction> </simpleType>
