[xmlsec] Re: GOST support in xmlsec

Aleksey Sanin aleksey at aleksey.com
Wed Feb 8 11:20:23 PST 2006

>> 1) How does your implementation correlate to the following
>> ietf draft?
>> http://xml.coverpages.org/draft-chudov-cryptopro-cpxmldsig-00.txt
>> Seems like both are about GOST algorithms :)
> Our implementation doesn't implement algorithm-specific key
> representation, it uses X.509-format. But so, it doesn't conflict with
> the draft.
> How did you find this draft at the site? I was able to find it only
> searching by word "GOST".

google for "gost xmldsig": the first link does not open but
it gives you the "draft-chudov-cryptopro-cpxmldsig-00.txt"
filename to do the next google search :)

>> 2) I noticed that there are a couple files with Cryptocom name
>> in them. Is your company OK with releasing these files under MIT
>> license (same as all other xmlsec sources)? Can you explicitly
>> state these in the files, please?
> Is there a standard form of such a disclaimer? Our company is OK with
> releasing them under MIT license.
> I've found only 2 files mentioning our company, and not all the
> identifiers from them are necessary.

Thanks! Can you put a standard xmlsec header in these files, please?
For example, AOL donated a lot of code to xmlsec-nss implementation
(take a look at the files in src/nss folder).

>> 3) What does user need to actually use these new GOST algorithms?
>> Is it a part of standard Windows distribution? OpenSSL distribution?
> The user should install a CSP providing the algorithms to use these
> algorithms. There are at least 3 commercial products providing the
> algorithms.
> Unfortunately other crypto libraries don't support the GOST algorithms.
> Though we have a huge patch to OpenSSL providing them.

OK, it would be good to document these somewhere in the code.

>> 4) I noticed few "FIXME" comments in the code. Is it real? How much
>> more work is there?
> Oh, sorry. They can be completely removed.

:) Great!

I am waiting for another patch with these changes :)


More information about the xmlsec mailing list