OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (EBXMLMSG-45) PMode parameter for Key Transport algorithm

    [ https://issues.oasis-open.org/browse/EBXMLMSG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61255#comment-61255 ] 

Sander Fieten commented on EBXMLMSG-45:
---------------------------------------

An option to resolve this issue is also to add a more general KeyTransportParameters P-Mode parameter and leave the details up to the implementations. This way we also ensure that parameters for new key transport algorithms can be handled.

> PMode parameter for Key Transport algorithm
> -------------------------------------------
>
>                 Key: EBXMLMSG-45
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-45
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>
> For encryption,  the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers.    
> XML Encryption actually distinguishes two algorithms:
> xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc.
> xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of an algorithm used for Key Transport.  XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p,  commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5.
> I assume the PMode parameter identifies the first use.  There does not seem to be a parameter for the second one?  When using WS-SecurityPolicy, it would be needed to select the correct policy,  e.g. Basic128Sha256 versus Basic128Sha256Rsa15.
> (This is not to promote WS-SecurityPolicy,  the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers,  just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy).
>  



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]