[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (EBXMLMSG-45) PMode parameter for Key Transport algorithm
[ https://issues.oasis-open.org/browse/EBXMLMSG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61255#comment-61255 ] Sander Fieten commented on EBXMLMSG-45: --------------------------------------- An option to resolve this issue is also to add a more general KeyTransportParameters P-Mode parameter and leave the details up to the implementations. This way we also ensure that parameters for new key transport algorithms can be handled. > PMode parameter for Key Transport algorithm > ------------------------------------------- > > Key: EBXMLMSG-45 > URL: https://issues.oasis-open.org/browse/EBXMLMSG-45 > Project: OASIS ebXML Messaging Services TC > Issue Type: Improvement > Components: Core Spec > Reporter: Pim van der Eijk > > For encryption, the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers. > XML Encryption actually distinguishes two algorithms: > xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm > The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc. > xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm > The value is an identifier of an algorithm used for Key Transport. XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5. > I assume the PMode parameter identifies the first use. There does not seem to be a parameter for the second one? When using WS-SecurityPolicy, it would be needed to select the correct policy, e.g. Basic128Sha256 versus Basic128Sha256Rsa15. > (This is not to promote WS-SecurityPolicy, the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers, just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy). > -- This message was sent by Atlassian JIRA (v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]