Subject: RE: [ws-sx] Issue 24: [Protection Order] Property using same source for keys
Comments inline.

Cheers

Gudge

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> Sent: 09 February 2006 20:28
> To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 24: [Protection Order] Property using
> same source for keys
>
> This is now logged as issue 24.
>
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/
>
>
> -----Original Message-----
> From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> Sent: Thursday, February 09, 2006 12:04 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: [ws-sx] [Protection Order] Property using same
> source for keys
>
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
>
> The issues coordinators will notify the list when that has occurred.
>
> Protocol: ws-sp
> ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
>
> Artifact: spec
>
> Type: design
>
> Title: [Protection Order] Property using same source for keys
>
> Description:
>
> In "EncryptBeforeSigning" the spec states that both keys MUST be derived
> from the same source. What does this mean? Use the same certificate
> for both actions (for example if an X509 cert is used). In that case
> this seems an unnecessary restriction. At least WS Security does not
> mandate this. Also using the same cert to encrypt and sign is not a
> good security practice.

[MJG] If derived keys are being used, then the derived key used for encryption and the derived key used for signature MUST be derived from the same source key (which in the case of X509 certs would typically be an encrypted key per WSS 1.1). We should clarify the text here.

>
> Related issues:
> i009 Support for different key pairs for sign and encrypt in SP
>
> Proposed Resolution:
> Extend the ws-sp spec to support different key sources.
>
> Werner Dittmann
> Siemens COM MN CC BD TO
> mailto:Werner.Dittmann@siemens.com
> Tel: +49(0)89 636 50265
> Mobil: +49(0)172 85 85 245
>
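Added example, not part of the e-mail thread or of the WS-SecurityPolicy specification: how a signature key and an encryption key can both come from one source key while remaining distinct keys, which is the reading given in the [MJG] reply. It assumes the P_SHA-1 derivation and default label of WS-SecureConversation; the function names, key lengths and nonces are hypothetical, and the source key is constructed.

```python
import hashlib
import hmac

# Default label defined by WS-SecureConversation (assumption: not named on the page).
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 expansion from RFC 2246, section 5."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(source_key: bytes, nonce: bytes, length: int,
               label: bytes = DEFAULT_LABEL) -> bytes:
    """Derive one key from the source key; the P_SHA-1 seed is label + nonce."""
    if not nonce:
        raise ValueError("a per-key nonce is required")
    return p_sha1(source_key, label + nonce, length)


def derive_pair(source_key: bytes, sig_nonce: bytes, enc_nonce: bytes):
    """Return (signature_key, encryption_key), both from the same source key."""
    if hmac.compare_digest(sig_nonce, enc_nonce):
        # Equal nonces would make the encryption key a prefix of the signature key.
        raise ValueError("signature and encryption nonces must differ")
    sig_key = derive_key(source_key, sig_nonce, 32)  # assumed length: 32 bytes
    enc_key = derive_key(source_key, enc_nonce, 16)  # assumed length: 16 bytes
    return sig_key, enc_key


if __name__ == "__main__":
    # Constructed source key standing in for the decrypted EncryptedKey value.
    source = bytes(range(32))
    sig, enc = derive_pair(source, b"constructed-nonce-sig", b"constructed-nonce-enc")
    print("signature key :", sig.hex())
    print("encryption key:", enc.hex())
```

The single asymmetric operation protects only the source key; the per-purpose separation comes from the distinct nonces fed into the derivation.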