[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Protection Order] Property using same source for keys
PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred. Protocol: ws-sp ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf Artifact: spec Type: desing Title: [Protection Order] Property using same source for keys Description: In "EncryptBeforeSigning" the spec states that both keys MUST derived from the same source. What does this mean? Use the same certificate for both actions (for example if a X509 cert is used). In that case this seems an unnecessary restriction. At least WS Security does not mandate this. Also using the same cert to encrypt and sign is not a good security practice. Related issues: i009 Support for different key pairs for sign and encrypt in SP Proposed Resolution: Extend the ws-sp spec to support different key sources. Werner Dittmann Siemens COM MN CC BD TO mailto:Werner.Dittmann@siemens.com Tel: +49(0)89 636 50265 Mobil: +49(0)172 85 85 245
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]