Russ,
The only reference I know for 3DES MAC is from Section 8.5 of PKCS#11 on
"Data Types for Mechanisms" where it is included in the list of mechanism
types that could be supported by a token as follow:
For Cryptoki Version 2.01, the following mechanism types are defined:
#define CKM_DES3_MAC 0x00000134
#define CKM_DES3_MAC_GENERAL 0x00000135
Francois Rousseau
AEPOS Technologies
At 03:49 PM 12/11/98 -0500, you wrote:
Francois:
I guess that I should remove DES MAC.
I do not know of any reference fro 3DES MAC.
Russ
At 08:10 AM 11/11/98 -0500, Francois Rousseau wrote:
Russ,
Further to Jim's EMail and although I did not attend the meeting in
Chicago, the minutes of the meeting on this issue states that:
"Slide #9: Message Authentication Code (MAC) Algorithms: The group decided
by a clear majority that HMAC-with-SHA1 will be the mandatory-to-implement
algorithm. The wording in CMS will be: "If authenticatedData is
implemented, then HMAC-with-SHA1 must be implemented." The group also
decided that DES MAC will not be included in CMS as an optional algorithm."
As suggested by Jim, I would for myself prefer 3DES MAC as a "may" instead
of DES MAC.
Francois Rousseau
AEPOS Technologies
<snip>
5. Section 12.5.2. DES MAC should be struck and replace
with 3DES MAC.
My notes from Chicago indicate that HMAC with SHA-1 and DES
MAC are the two
algorithms that will be included. As 12.5 says: "CMS
implementations that
support authenticatedData must include HMAC with SHA-1. CMS
implementations
may also include DES MAC."
I'll believe your notes over my memory. I had thought that DES MAC was
struck and replaced with 3DES MAC.
Enjoy,
Russ