[xmlsec] Re: GOST support in xmlsec

Dmitry Belyavsky beldmit at cryptocom.ru
Wed Feb 8 09:37:29 PST 2006


On Tue, 7 Feb 2006, Aleksey Sanin wrote:

> I looked at your patch and looks very good by I have several
> "meta" questions about it.
> 1) How does your implementation correlate to the following
> ietf draft?
> http://xml.coverpages.org/draft-chudov-cryptopro-cpxmldsig-00.txt
> Seems like both are about GOST algorithms :)

Our implementation doesn't implement algorithm-specific key
representation, it uses X.509-format. But so, it doesn't conflict with
the draft.

How did you find this draft at the site? I was able to find it only
searching by word "GOST".

> 2) I noticed that there are a couple files with Cryptocom name
> in them. Is your company OK with releasing these files under MIT
> license (same as all other xmlsec sources)? Can you explicitly
> state these in the files, please?

Is there a standard form of such a disclaimer? Our company is OK with
releasing them under MIT license.

I've found only 2 files mentioning our company, and not all the
identifiers from them are necessary.

> 3) What does user need to actually use these new GOST algorithms?
> Is it a part of standard Windows distribution? OpenSSL distribution?

The user should install a CSP providing the algorithms to use these
algorithms. There are at least 3 commercial products providing the

Unfortunately other crypto libraries don't support the GOST algorithms.
Though we have a huge patch to OpenSSL providing them.

> 4) I noticed few "FIXME" comments in the code. Is it real? How much
> more work is there?

Oh, sorry. They can be completely removed.

SY, Dmitry Belyavsky (ICQ UIN 11116575)

More information about the xmlsec mailing list