[xmlsec] Re: GOST support in xmlsec

[Aleksey Sanin]

>> 1) How does your implementation correlate to the following
>> ietf draft?
>>
>> http://xml.coverpages.org/draft-chudov-cryptopro-cpxmldsig-00.txt
>>
>> Seems like both are about GOST algorithms :)
> 
> Our implementation doesn't implement algorithm-specific key
> representation, it uses X.509-format. But so, it doesn't conflict with
> the draft.
> 
> How did you find this draft at the site? I was able to find it only
> searching by word "GOST".
> 

google for "gost xmldsig": the first link does not open but
it gives you the "draft-chudov-cryptopro-cpxmldsig-00.txt"
filename to do the next google search :)

> 
>> 2) I noticed that there are a couple files with Cryptocom name
>> in them. Is your company OK with releasing these files under MIT
>> license (same as all other xmlsec sources)? Can you explicitly
>> state these in the files, please?
> 
> Is there a standard form of such a disclaimer? Our company is OK with
> releasing them under MIT license.
> 
> I've found only 2 files mentioning our company, and not all the
> identifiers from them are necessary.

Thanks! Can you put a standard xmlsec header in these files, please?
For example, AOL donated a lot of code to xmlsec-nss implementation
(take a look at the files in src/nss folder).

> 
>> 3) What does user need to actually use these new GOST algorithms?
>> Is it a part of standard Windows distribution? OpenSSL distribution?
> 
> The user should install a CSP providing the algorithms to use these
> algorithms. There are at least 3 commercial products providing the
> algorithms.
> 
> Unfortunately other crypto libraries don't support the GOST algorithms.
> Though we have a huge patch to OpenSSL providing them.

OK, it would be good to document these somewhere in the code.


>> 4) I noticed few "FIXME" comments in the code. Is it real? How much
>> more work is there?
> 
> Oh, sorry. They can be completely removed.

:) Great!

I am waiting for another patch with these changes :)

Thanks!
Aleksey