
regrep-security message



Subject: Re: [regrep-security] Need help with Errata in security section in RS2.0


Just to clarify. The changes are for a V2.1 spec and not for an errata document.

Farrukh Najmi wrote:

> Sekhar,
>
> During implementation of ebxmlrr project we have found the following
> errors in the security related areas of RS 2.0.
> We need to fix these in an errata within the next few weeks. I need your
> help in reviewing / resolving these issues. Also if anyone else is aware
> of any other issues please send the issue and how to address the issue
> to me.
>
> Thanks for treating this as a high priority. Call me at 781-942-7277 if
> something needs clarification.
>
> RS 2.0 Security Issues
> -----------------------
>
> -RS 3732
>
> http://www.w3.org/2000/09/xmldsig/#dsa-sha1 This URL is broken and needs
> a replacement
>
> -RS 3735 and 3837 (ds:Signature should really say ds:SignedInfo. It is
> ds:SignedInfo that contains the ds:CanonicalizationMethod element and
> not ds:Signature directly. See attached servletReq.mime.
>
> Also in statement below, the URL is broken. Also the ds:SignatureMethod
> should not contain ds:CanonicalizationMethod.
> They are siblings. It should be the ds:SignedInfo that contains the
> ds:CanonicalizationMethod.
>
> "The ds:SignatureMethod element must contain a ds:CanonicalizationMethod
> element. The following Canonicalization algorithm (specified in
> [XMLDSIG]) must be supported
> http://www.w3.org/TR/2001/REC-xml-c14n-2001315"
>
> -RS 3746
>
> SignedValue should be SignatureValue
>
> --
> Regards,
> Farrukh
>
>   ------------------------------------------------------------------------
> <soap-env:Envelope xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" soap-env:actor="some-uri" soap-env:mustUnderstand="1">
>
>         <soap-env:Header>
>         <SOAP-SEC:Signature><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#Body">
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>GlIvsIp/oj8Cf/rMAsfTlOPYY4U=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>dhUX/q1MpU2InxQwPxOVqdB2D3iBaPS4MyUvnwjKQlKfN2Qyshvxvw==</ds:SignatureValue>
> <ds:KeyInfo>
> <ds:X509Data>
> <ds:X509Certificate>MIIC5zCCAqUCBDxUrgYwCwYHKoZIzjgEAwUAMFkxDDAKBgNVBAYTA1VTQTEZMBcGA1UEChMQU3Vu
> IE1pY3Jvc3lzdGVtczEWMBQGA1UECxMNSmF2YSBTb2Z0d2FyZTEWMBQGA1UEAxMNRmFycnVraCBO
> YWptaTAeFw0wMjAxMjgwMTQ4NTRaFw0wMjA0MjgwMTQ4NTRaMFkxDDAKBgNVBAYTA1VTQTEZMBcG
> A1UEChMQU3VuIE1pY3Jvc3lzdGVtczEWMBQGA1UECxMNSmF2YSBTb2Z0d2FyZTEWMBQGA1UEAxMN
> RmFycnVraCBOYWptaTCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3
> UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAi
> wk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
> UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlX
> jrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8fti
> egEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQCb9vZKLHWpDT/e3hsW
> n2AwY8iyPWAmdxiFNAPOCVHc1B6sRHJ4saTNLtsjBTj60v7mZTpd9o4RLigOpQY4X02y5GF+85w2
> aNUO3yHNRMTLxdbK2G+tS/e9j38efs0K1FoA4DopZGS4HdVge/phy7KDdiI9iPfuXNrvlA7ld4qM
> cjALBgcqhkjOOAQDBQADLwAwLAIUFpw7Czlhr0CcZex9Ude/8Ce41P4CFAqvcVXmCGvErnRasuTO
> 3XWaO2IL</ds:X509Certificate>
> </ds:X509Data>
> <ds:KeyValue>
> <ds:DSAKeyValue>
> <ds:P>
> /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
> HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
> K2HXKu/yIgMZndFIAcc=
> </ds:P>
> <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
> <ds:G>
> 9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
> zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
> Zl6Ae1UlZAFMO/7PSSo=
> </ds:G>
> <ds:Y>
> m/b2Six1qQ0/3t4bFp9gMGPIsj1gJncYhTQDzglR3NQerERyeLGkzS7bIwU4+tL+5mU6XfaOES4o
> DqUGOF9NsuRhfvOcNmjVDt8hzUTEy8XWythvrUv3vY9/Hn7NCtRaAOA6KWRkuB3VYHv6Ycuyg3Yi
> PYj37lza75QO5XeKjHI=
> </ds:Y>
> </ds:DSAKeyValue>
> </ds:KeyValue>
> </ds:KeyInfo>
> </ds:Signature></SOAP-SEC:Signature></soap-env:Header>
>
>         <soap-env:Body SOAP-SEC:id="Body">
>
> <AdhocQueryRequest xmlns="urn:oasis:names:tc:ebxml-regrep:query:xsd:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:ebxml-regrep:query:xsd:2.0 query.xsd">
>         <ResponseOption returnComposedObjects="true" returnType="LeafClassWithRepositoryItem"></ResponseOption>
>         <SQLQuery>
>         SELECT * FROM ClassificationScheme
>         </SQLQuery>
> </AdhocQueryRequest>
>         </soap-env:Body>
>
> </soap-env:Envelope>

--
Regards,
Farrukh
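
An added example, not part of the original message or of the ebxmlrr code: a Python check of the element layout the issues above describe, with ds:CanonicalizationMethod and ds:SignatureMethod as sibling children of ds:SignedInfo, and ds:SignatureValue rather than SignedValue. The function name, sample documents and placeholder values are constructed for illustration; the check covers structure only and does not verify the digest or the signature.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"  # URI used in the attachment

def q(name):
    return "{" + DS + "}" + name

def check_signature_layout(xml_text):
    """Return structural problems in the first ds:Signature (layout only, no crypto)."""
    sig = next(ET.fromstring(xml_text).iter(q("Signature")), None)
    if sig is None:
        return ["no ds:Signature element"]
    problems = []
    if sig.find(q("CanonicalizationMethod")) is not None:
        problems.append("ds:CanonicalizationMethod is a direct child of ds:Signature")
    if sig.find(q("SignedValue")) is not None:
        problems.append("ds:SignedValue found; the element is ds:SignatureValue")
    if sig.find(q("SignatureValue")) is None:
        problems.append("ds:Signature has no ds:SignatureValue child")
    info = sig.find(q("SignedInfo"))
    if info is None:
        return problems + ["ds:Signature has no ds:SignedInfo child"]
    c14n = info.find(q("CanonicalizationMethod"))
    if c14n is None:
        problems.append("ds:SignedInfo has no ds:CanonicalizationMethod child")
    elif c14n.get("Algorithm") != C14N:
        problems.append("unexpected canonicalization algorithm: %r" % c14n.get("Algorithm"))
    method = info.find(q("SignatureMethod"))
    if method is None:
        problems.append("ds:SignedInfo has no ds:SignatureMethod child")
    elif method.find(q("CanonicalizationMethod")) is not None:
        problems.append("ds:CanonicalizationMethod is nested inside ds:SignatureMethod")
    return problems

# Constructed samples, placeholder values. BAD follows the RS 2.0 wording quoted above.
GOOD = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
</ds:SignedInfo><ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue></ds:Signature>"""

BAD = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:SignatureMethod>
</ds:SignedInfo><ds:SignedValue>cGxhY2Vob2xkZXI=</ds:SignedValue></ds:Signature>"""

if __name__ == "__main__":
    print(check_signature_layout(GOOD), check_signature_layout(BAD))
```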



