[xmlsec] Re: GOST support in xmlsec
Aleksey Sanin
aleksey at aleksey.com
Wed Feb 8 11:20:23 PST 2006
>> 1) How does your implementation correlate to the following
>> ietf draft?
>>
>> http://xml.coverpages.org/draft-chudov-cryptopro-cpxmldsig-00.txt
>>
>> Seems like both are about GOST algorithms :)
>
> Our implementation doesn't implement algorithm-specific key
> representation, it uses X.509-format. But so, it doesn't conflict with
> the draft.
>
> How did you find this draft at the site? I was able to find it only
> searching by word "GOST".
>
google for "gost xmldsig": the first link does not open but
it gives you the "draft-chudov-cryptopro-cpxmldsig-00.txt"
filename to do the next google search :)
>
>> 2) I noticed that there are a couple files with Cryptocom name
>> in them. Is your company OK with releasing these files under MIT
>> license (same as all other xmlsec sources)? Can you explicitly
>> state these in the files, please?
>
> Is there a standard form of such a disclaimer? Our company is OK with
> releasing them under MIT license.
>
> I've found only 2 files mentioning our company, and not all the
> identifiers from them are necessary.
Thanks! Can you put a standard xmlsec header in these files, please?
For example, AOL donated a lot of code to xmlsec-nss implementation
(take a look at the files in src/nss folder).
>
>> 3) What does user need to actually use these new GOST algorithms?
>> Is it a part of standard Windows distribution? OpenSSL distribution?
>
> The user should install a CSP providing the algorithms to use these
> algorithms. There are at least 3 commercial products providing the
> algorithms.
>
> Unfortunately other crypto libraries don't support the GOST algorithms.
> Though we have a huge patch to OpenSSL providing them.
OK, it would be good to document these somewhere in the code.
>> 4) I noticed few "FIXME" comments in the code. Is it real? How much
>> more work is there?
>
> Oh, sorry. They can be completely removed.
:) Great!
I am waiting for another patch with these changes :)
Thanks!
Aleksey
More information about the xmlsec
mailing list